An Enterprise Risk Management (ERM) process identifies, measures, tracks, mitigates and communicates an entity's major business risks to stakeholders. A business risk that makes it onto the list of enterprise risks is typically a threat capable of disrupting the organization’s current growth strategy.

This course will explain in detail the components of a comprehensive ERM process—with implications for staffing, training, internal reporting, board oversight, and information management. We will take a close look at the current regulatory and compliance environment, and, drawing on case study research, examine the three stages of ERM maturity. We will also review:

  • What Enterprise Risk Management is
  • Why it is a crucial issue facing key stakeholders—especially now
  • New regulations and enforcement putting boards on notice
  • Imperatives to improve, calls for stronger ERM capabilities and the rising demand for disclosures
  • Excellence in ERM—what it means, and how to achieve it
  • Research findings and best practices

Intro Video Transcript

Enterprise Risk Management (ERM): Three Stages of Maturity By Mary Driscoll Hello there, and welcome to my course on Enterprise Risk Management- Three Stages of Maturity. I’m Mary Driscoll and I’m the senior research fellow for financial management at the American Productivity and Quality Centre, otherwise known as APQC. What we’re going to do today is talk about some crucial issues that are now cropping up that have got board members, CEOs and CFOs and other senior executives very worried. Let’s start with some definitions: • What is Enterprise risk management (ERM)? We’ll talk about that. We will then talk about why it’s very crucial now. I’ve been writing about risk management, and ERM for a very long time, but there is definitely a see-change going on, and I will argue today that it’s imperative that CFOs and their senior directors take a careful look at their risk management models, particularly whether you call it strategic risk management, or enterprise risk management, it’s extremely important to take another look at the processes you have in place today to deal with this. I will argue that there is a new wave of regulations and enforcement that is now bearing down on CEOs, CFOs and boards of directors, very akin to the pressure felt by senior executives in the wake of the passage of the Sarbanes-Oxley regulation act over ten years ago. We will talk about the imperatives to improve, and why is there a change in the environment. Why do strategic risks today loom larger? And we’ll see why there’s pressure on boards calling for stronger ERM capabilities. To put it bluntly, the SEC passed a regulation a couple of years ago that holds board members personally liable if they do not do a sound job of providing what’s called oversight board, oversight of enterprise risk management processes and capabilities. Boards are also responding to demands from institutional investors, analyst credit rating agencies as we’ll see, and the cherry on top, there are now rising demands for disclosures about non-financial drivers of valuation. What could that mean? Well, if you are in a publicly traded or even a company owned by a private equity firm, or you are simply beholding to your owners and your capital providers, there’s more and more pressure on CFOs today to understand non-financial drivers of valuation, okay. What do I mean by that? Well, if, for instance you are an up and coming biotech company and you are engaged in some sort of clinical trials and investors want to know how well those clinical trials are going, or who has died from them, that sort of thing, non-financial drivers of valuation and we’ll talk a little more about that. Then, the heart of this course, we’ll look at some research findings that my team and I have come up recently with at APQC. We will talk about best practices. We have a very rigorous methodology for surveying the general population to understand trends and needs and then we have a pretty rigorous methodology for identifying companies who are on what can be called, maybe not the leading edge, but the pioneering edge, really trying very, very hard to get this right. We’ll talk about what we’ve identified as the three stages of process maturity and we’ll also talk about the growing trend with a need to do a better job of identifying and quantifying risk. Okay, yes, there’s a risk. Okay, you’ve got a competitor in the market place, but if that competitor comes out ahead of you with a new innovation, what is the potential impact on your current market share and your growth prospects?

Learning Objectives
  • Compare where your company stands versus ERM leaders;
  • Grasp how to advocate for a risk-management modernization initiative;
  • Formulate a path-to-progress for designing and building an effective ERM process; and
  • Gain a view of how to assess risks in current business strategy and act to contain those risks.
Last updated/reviewed: August 27, 2023
45 Reviews (158 ratings)

Reviews

3
Anonymous Author
* Content was relevant, but in some instances more attenuated to the core topic of maturing an ERM function. * Disproportionate amount of time on various examples (e.g., FCPA, tax regulation, SEC and gatekeepers, historical/contextual backdrop) and survey results versus the 3 stages themselves (approx. last 15 min.), along with practices, tools and insights.

4
Anonymous Author
This course offers a good introductory overview to the mindset required to achieve an effective enterprise risk management program in today's world. The only thing I would have wanted in addition were some practical "next steps" to moving the maturity of one's ERM up the scale.

5
Member's Profile
Really good overview of the enterprise risk management concept and how it can be developed and implemented within an organization. Good explanations regarding risk owners and the distinction between strategic planning and risk management, and how they relate to each other.

4
Member's Profile
Most of the session is focused on why ERM is important and why most companies are deficient, rather than defining and implementing the three stages. That said, there are good examples and excellent resources for best practices, so overall quite useful.

5
Member's Profile
I really liked the clarification and discusion concerning what enterprise and strategic risks area, and at what level these should be managed in the organization. There was, however, some duplication in the "new research on ERM" modules.

4
Anonymous Author
Fairly good course. However, the presentation was probably longer than necessary to present the key concepts and the title of the course was a little misleading as not a lot of time was spent on the stages of ERM maturity.

3
Member's Profile
As with many courses, I wish this one was less focused on publicly-held corporations and more directly applicable to government entities, but there was enough useful information here to draw some good ideas.

Anonymous Author
I thought the presentation and materials were excellent. The review quiz also made sense. The "exam" did not include questions to determine whether or not I knew or understood the material.

5
Anonymous Author
This was an excellent course on the Illumeo platform that covered the nuances of risks and the need to have a strong strategic alignment to address those risks.

Member's Profile
Pros - Good examples of why we need to rethink ERM. Cons - I would have appreciated more info on how organizations can move from maturity stage 1 to 2 and 3.

4
Member's Profile
I enjoyed the content and learned a lot, however, it would be nice to get an update to this course. It seems like it has aged some since it was first created.

5
Member's Profile
I like the conversational tone with which Mary presents ERM concepts, making it practical with lots of real life examples to make it more relevant to users

5
Anonymous Author
Interesting class. The final exam comes more from the class than the handouts, would like to see all material in a hand out for reference after the class.

5
Anonymous Author
The ultimate goal of ERM is to enhance an organization's ability to navigate uncertainties and achieve its objectives while minimizing potential risks

4
Anonymous Author
The course provides high level overview of the ERM process and importance to an organization and typical pitfalls that may occur.

4
Anonymous Author
This course provides a basic understanding of what Enterprise Risk Management (ERM) is and how ERM relates to strategic planning.

3
Anonymous Author
The presentation highlights the basic concepts, however the practical examples were not so clearly connected to the points.

4
Anonymous Author
Course is to the point, recognizes the pitfalls of risk management in todays large companies and provides relevant content.

4
Anonymous Author
Some of the pictures used in the course material is very hard to read through. Otherwise everything is good.

5
Member's Profile
This course was very insightful. Examples were relevant. Instructor's presentation flowed very well.

4
Anonymous Author
Overall it was a good course, and covered some interesting content, and was presented quite well.

4
Member's Profile
Mary gives a nice perspective of ERM that is seen from a different view than I've seen in the past.

5
Anonymous Author
Recommend this course so much Enterprise Risk Management - (ERM) - The three stages of maturity.

4
Anonymous Author
Refresher ERM Training. Nothing surprised me. Beginners will gain a lot from this training.

5
Member's Profile
ERM is valuable at my organization. This course was outlined well and matches what I see.

3
Member's Profile
This course provided much helpful information; however, I have seen better presentaions

3
Member's Profile
The course has good content and details to provide context and color to the material.

5
Member's Profile
This was a good course. Would recommend anyone needing CISA CPE to take this course.

4
Anonymous Author
This is a basic program on ERM and relates primarily to the changing focus on ERM.

4
Anonymous Author
Overall the course did explain about ERM. More explanations would be appreciated

2
Anonymous Author
High level and the ERM world has progressed beyond some of the concepts here

5
Member's Profile
Excellent first step in appreciating ERM and its benfits and dependencies.

4
Anonymous Author
Good course on risks and the strategies used to mitigate the risks.

2
Member's Profile
This material is a bit dated still relevant but should be refreshed

5
Anonymous Author
Good course on ERM's and risk, easy to follow and good material!

4
Member's Profile
Very good emphasis on the difference between ERM and Strategy.

5
Anonymous Author
I enjoyed the brevity of this course. short and to the point.

4
Anonymous Author
This course is helpful and would recommend the instructor.

5
Anonymous Author
This is a must needs course to understand today's risk

3
Member's Profile
2014 means data and SEC actions are a bit out of date

3
Member's Profile
Understood basic deterrents to ERM implementation

3
Anonymous Author
Chock full of great data. Good class.

4
Anonymous Author
It was a very good course

4
Anonymous Author
Good

5
Member's Profile
Good

Prerequisites
Course Complexity: Intermediate

Prerequisite: Exposure to risk management

 

Advanced Preparation: None

 

Education Provider Information
Company: Illumeo, Inc., 75 East Santa Clara St., Suite 1215, San Jose, CA 95113
Contact: For more information regarding this course, including complaint and cancellation policies, please contact our offices at (408) 400- 3993 or send an e-mail to .
Instructor for this course
Course Syllabus
INTRODUCTION AND OVERVIEW
What is ERM?
  Defining ERM19:43
  Strategic Risk Demands Fast Changes10:02
  New Research on ERM11:41
CONCLUSION
  The Three Stages of Maturity and Course Summary7:16
SUPPORTING MATERIALS
  Slides: ERM: The Three Stages of MaturityPDF
  ERM: The Three Stages of Maturity Glossary/IndexPDF
  CREATIVELY BUILD A RISK-INTELLIGENT CULTUREPDF
  USING RISK TO YOUR ORGANIZATION’S ADVANTAGEPDF
  ERM: 7 Imperatives for Process ExcellencePDF
REVIEW & TEST
  REVIEW QUESTIONSquiz
 FINAL EXAMexam