If my conversations with property/casualty insurance executives are any indication, many leaders view enterprise risk management (ERM) as simply an exercise for complying with regulations, reassuring investors, or otherwise documenting and reporting the company’s risks.
Executive Summary
ERM should be an enabler of success that provides executives with confidence that they are making the right decisions, writes Carol Williams, a risk management and strategy consultant for P/C insurers. Here, she explains the basics of objective-centric ERM, which is not siloed as a separate function but instead embedded into a company’s culture and day-to-day decision-making. Objective-centric ERM is grounded in asking tough questions and challenging assumptions to surface dependencies and identify the assumptions being made as part of goal setting; it is not a naysayer that gets in the way of progress, she writes.
Even though a lot of U.S. companies (across all industries) have an ERM “program” of some sort, the vast majority (90 percent, according to the 2024 NC State University State of Risk Oversight survey) do not find it to be a helpful tool for accomplishing their goals.
When you consider that one of the major risk management standards, COSO, strongly emphasized the audit perspective as the driving force behind ERM in its early years, this statistic becomes more understandable—discouraging but understandable.
As a P/C executive trying to navigate what is probably the most turbulent environment for the insurance industry, the performance of your company is your top concern. Lists and information generated through a separate process well after the fact basically tell you what you already know and are not helpful.
The truth is ERM should be so much more than a bureaucratic documentation exercise. We’ve touched on different aspects of this idea in previous Carrier Management articles (see the related articles below), but today, my goal is to tie everything together to help executives like yourself fill in some knowledge gaps: what ERM is, how it can be a valuable tool in ensuring your company’s success, and the critical first steps for making that a reality.
Related articles: “Transforming Enterprise Risk Management From ‘Have To’ to ‘Want To’”; “Do Your ERM Practices Need Updating?”
Before getting into those details, let me take 20 seconds to give you a little bit about my background.
My insurance industry experience dates back 20-plus years to the Florida Office of Insurance Regulation, where I was responsible for company licensing, hurricane data reporting, financial analysis and examinations, and much more. After five years at the OIR, I moved to the industry side (OK, quasi-industry since it was a major residual market mechanism) to gain even more insight into how insurance companies operate.
It was also during this time while pursuing a master’s in Risk Management & Insurance from Florida State University that I came to learn about enterprise risk management, which at the time focused on tying the organization’s silos together to get a 360-degree view of risks.
Shortly after graduating, my then employer, Citizens Property Insurance Corporation, made the decision to start an ERM program, which I helped design, implement and manage, and I eventually became director of ERM.
After a few years in this role, and a lot of trial and error, I began to see how ERM could be a game-changer for helping companies make decisions, set goals, plan and execute, and just function better overall.
It was at this point where the idea for helping other carriers harness ERM in a streamlined way to accomplish goals started taking shape, and in 2016, the consultancy Strategic Decision Solutions was born.
Embarking on this uncertain journey is a good springboard into explaining what is encompassed in ERM focused on achieving goals and ensuring success, which boils down to:
- The big picture of what the company wants to accomplish (i.e., goals and objectives).
- Identifying what the company is relying on to be in place to achieve goal(s) (i.e., dependencies).
- Identifying the assumptions being made as part of the goal setting (i.e., scenarios).
- Understanding what could get in the way of achieving these goals (i.e., risks).
- Determining the level of risk that is acceptable and what level is intolerable.
As a P/C executive, you understand there is uncertainty in every decision. When practiced properly, ERM is a valuable tool for understanding, preparing for and even taking measured risks in pursuit of objectives because, at its core, it’s about asking questions and challenging assumptions.
Peeling the layer back a little more, many leaders have the view that ERM involves financial risk, reinsurance, compliance, corporate insurance and categorizing types of risks. That is certainly a part of ERM, and I’m confident that you are doing these things already—and doing them well!
You are leading an insurance company after all. Risk is woven into who you are and what you do.
The difference between what is billed as “objective-centric ERM” and other traditional forms of risk management is the first step. Objective-centric ERM focuses first on understanding what the company is trying to achieve for both the everyday business (mission) and the strategy (vision).
I can imagine some readers are thinking, “This description of ERM helping drive success is not my experience at all. ERM has always been a naysayer—the group that gets in the way of progress.” If so, I just want to say I am sorry that has been your experience. ERM should be an enabler of success that provides executives with confidence that we as company leaders are making the right decisions.
For ERM to become this enabler of success instead of a bureaucratic, “check-the-box” compliance exercise, ERM must be able to move at the speed at which you and other executives make decisions. This is doubly true in an industry as volatile as P/C insurance.
Consider this: How would you like to be told that you must pause up to several weeks while a formal risk analysis is done?
Probably not very much, I’m guessing.
This and similar situations, which occur when ERM functions as a siloed process, are among the main reasons why surveys consistently show that ERM is not helpful for creating a strategic or competitive advantage.
Instead of a cumbersome, separate process, ERM must be embedded in the organization’s day-to-day decision-making. What form this takes will vary from one company to the next, but there are some attributes that are universal.
Ask Tough Questions and Challenge Assumptions
Doing this concurrently with strategic planning and day-to-day decision conversations enables you to see the diversity of goals and subsequently determine which goals are going to make a discernible difference in realizing that future vision.
Having a person designated to ask tough questions and challenge assumptions helps you understand what must be in place to achieve goals. Often, executives or business leaders will have an idea but not consider dependencies, which can be internal or external to the company and consist of financial and human resources, equipment, processes and more.
Forgoing this analysis, regardless of whether it is for business and strategic objectives, or the inevitable situations that require a quick decision, can have all sorts of downstream consequences that spark chaos throughout the organization. These consequences can include, but are not limited to, customers moving to competitors, reputation damage, a drop in revenue and missed goals.
Take digital transformation as an example. From an operational perspective, technology is often a hindrance to achieving goals and growing the company. It can be a massive undertaking to transition business processes, people and mindset to support a new technology.
If your company is considering a certain type of technology, like AI for underwriting or launching an app for claims filing and bill payment, it is certainly tempting to jump headfirst. However, prudence requires you to not only consider the risks of adopting new technology but also the risks of NOT doing anything. Scenarios for different options should be developed to provide crucial insight for this type of decision, and this type of conversation can be done quickly without slowing down the business decision.
Taking steps like this will also better prepare the organization for any transition. Big projects are intimidating for everyone. Robust ERM practices facilitate a smoother transition by breaking actions or projects into bite-sized chunks, which reduces the risks around change management and increases chances of success.
ERM is not just another tactic but a new way of thinking.
Culture and Mindset Start With Leaders
I’ve sprinkled hints in the previous paragraphs, but the central idea of embedding ERM into the organization is more about culture and mindset than a new tactic. You may have even tried different tactics just to be disappointed.
Building better decision-making practices throughout the organization is something that is going to take time if it’s going to be done right. This starts with culture and people, which means it is up to leaders to set the tone at the top.
Leaders must be willing to hear tough news and respond appropriately. It is about leading people to embed risk in their day-to-day thinking rather than treating it as something to check off a list every so often.
Think of it along the lines of the famous quote, “Culture eats strategy for breakfast,” often attributed to Peter Drucker.
Specific tactics and methods for identifying and analyzing risk will develop over time. It is important to remember to start out small. Don’t bite off more than you can chew. Essentially, don’t reach for the most sophisticated methods right out of the gate without having the tools, processes and culture in place to support them.
It’s kind of like teaching your teenager how to drive. You wouldn’t just put them on a busy interstate highway in a big city right after getting their learner’s permit. You work your way up to that level.
Building ERM is much the same. If you try to use advanced techniques on the first day, the rest of the company will likely get confused very quickly. Instead, if you walk people through the new practices with clear and simple explanations, while making it relevant and helpful to them, you will get quicker and longer lasting buy-in and engagement.
Again, it all starts with culture. And this consists of setting the right tone and building the right type of risk-aware culture that enables and empowers all levels of the company to ensure everyone is working toward the same goals.
It sounds simple, but it’s often the simplest things that are the hardest to put in practice.
Are you ready to embark on this simple (yet challenging) journey?
Join other leaders of P/C companies who are driving decision-making, resource allocation and strategy management by embedding objective-centric ERM into the fabric of their company.


