Enterprise Risk Management

A successful ERM journey needs a trusted guide


Several factors contribute to the demand for ERM, such as increased speed of change, growing market volatility and complexity, higher expectations from investors, greater pressure from regulators, etc. In this context, the need to navigate uncertainties, the increased scrutiny from the board, and are causing organizations to question whether they have the right focus on ERM. Are they looking to comply and conform, or are they looking to become a more risk-informed organization?

Many organizations are demanding value beyond “enterprise risk listing” activities and the inertia that can impact an ERM program that loses momentum. They want and need ERM programs that help them anticipate, adapt, and respond to changes, focusing efforts and resources on risks and opportunities that can impact their strategy and performance. Forward-thinking organizations are using ERM to integrate strategy, business planning, and key decision-making processes to drive better business performance.

web graphic

Getting More Value from Enterprise Risk Management (ERM)

Our Risk-Informed Approach Changes the ERM Conversation

Our proprietary risk-informed methodology aims to provide management and the board with relevant risk and opportunity information to support decision-making during strategy setting and performance management. This allows companies to accelerate the alignment process with the new COSO ERM principles and related best practices. To this end, our risk informed approach supports the development and evolution of an ERM program that is:

  1. STRATEGIC: Considers the impact of risk on strategy and performance
  2. BALANCED: Measures both risks and opportunities
  3. INTEGRATED: Is integrated with strategy setting, planning, and business execution
  4. CUSTOMIZED: Reflects organizational business needs, expectations, and cultural attributes

From our experience, we recognize that each ERM program and its goals are unique and influenced by organizational culture, strategy, and business goals. Therefore, we describe ERM as a journey because it is evolving and not a straight road to success.

Given that there is no “one-size-fits-all solution,” one of the key benefits of our risk-informed approach to ERM is that organizations can tailor it to fit their maturity, risk culture, and risk management needs and expectations.

It is important to understand the current state of the ERM journey and desired goals in order to envision the next steps.


Matthew Moore
Matt is a managing director and global leader of Protiviti’s Risk & Compliance practice. He has extensive experience advising clients in matters related to risk management, regulatory compliance, corporate governance and internal controls. Matt helps his ...
Emma Marcandalli
Emma Marcandalli is Managing Director in our Milan office. Emma has 20+ years of experience in providing governance, risk, compliance and internal control consulting services to clients in different industries, where she developed a strong expertize in process analysis, ...

Relevancy in Today’s Digital World