Creating an Effective Enterprise Risk Management Roadmap

  • By Johan Nystedt, Nystedt Enterprise Solutions LLC
  • Published: 2/18/2025

Enterprise risk management (ERM) is a comprehensive, top-down approach that organizations use to manage key risks across the entire enterprise. Unlike traditional risk management, which often focuses on specific areas or departments, ERM takes a holistic view, considering how different risks interrelate and impact the organization. As a strategy enabler, ERM not only aims to avoid risks but also supports smart organizational risk-taking focused on high risk-adjusted returns in core business areas.

This article will guide finance professionals through the process of creating an ERM roadmap to elevate their organization's ERM efforts, emphasizing the importance of ERM in strategic decision-making and the role of feedback loops in this process.

The Strategic Importance of an ERM Roadmap

In today's fast-paced and ever-evolving business landscape, the agility of an organization's strategy is paramount. The typical ERM cycle of identification, assessment, management, implementation and monitoring remains crucial. However, to advance ERM to the next level, rather than just making incremental changes, organizations need to create and maintain a roadmap that supports the path toward desired ERM objectives. This roadmap serves as a dynamic guide, enabling organizations to transition from their current state of ERM implementation to their desired state while ensuring transparency, consistency and measurability for stakeholders.

What Is an ERM Roadmap?

An ERM roadmap is a strategic tool that outlines the path an organization will take to manage risks. Whether an organization is just beginning its ERM journey or renovating its ERM program in response to changing environments, an ERM roadmap helps plot the journey. It starts with internal alignment on the current state, desired state, involved parties, milestones, priorities and available resources. Similar to planning a road trip, an ERM roadmap helps organizations prepare for the journey by identifying necessary resources and planning for potential challenges.

Below is an example of a maturity-driven ERM roadmap. Note that the order is important.

Passive risk management priority recommendations (push, i.e., “you have to…!”)

  1. Leverage governance: Create succinct policy to establish authority. Policy ≠ procedure or guideline.
  2. Obtain demonstrated authority/agency to act by virtue of having sanctioned achievements dashboard: Demonstrate executive sponsorship, tone from the top. Regularly track achievements with sponsors using dashboard.
  3. Lead, renovate and elevate a Risk Oversight Committee (ROC): Control ROC agenda and membership to mitigate conflict potential.
  4. Expand stakeholder set and communication: Townhall meetings to involve grassroots. Expand external communication. Leverage rating agencies, bank interactions. Be the undisputed risk leader & the voice of risk.
  5. Establish RAROC model for evaluating initiatives: Use pre-aligned RAROC to drive collaborative decision-making for strategic initiatives.

Active risk management priority recommendations (pull, i.e., “can you help me with…?”)

  6. Drive operational accountability for RMAP delivery: Establish and update RMAPs, KRIs, risk triggers, risk interrelationships and dependencies. Detail accountability and responsibilities.
  7. Drive risk culture and tactical risk agenda: Start with quick wins. Provide success stories even if from other organizations. Spread understanding that “to drive fast, we need good brakes.”
  8. Deliver the strategic risk vision: Reveal strategic mission of ERM. Be specific, measurable, realistic.
  9. Foster relationships and connectivity across company: Create risk forum encouraging risk honesty. Expect to showcase the elephant in the room.
  10. Integrate ERM into strategic plan: Integrate ERM/risk findings into strategic plan with KPIs, KRIs and consistent assumptions.


The Role of an ERM Roadmap in Business Strategy Agility

An ERM roadmap is not just a static document; it is a strategic tool that outlines the path an organization will take to manage risks. By regularly updating this roadmap, businesses can ensure they are prepared for emerging threats and opportunities. This dynamic approach allows organizations to pivot quickly in response to changes in the external environment, thereby maintaining strategic agility.

Key Benefits of an ERM Roadmap

  1. Proactive Risk Management: An ERM roadmap helps organizations anticipate potential risks and develop mitigation strategies in advance.
  2. Strategic Alignment: It ensures that risk management activities are aligned with the overall business strategy, enhancing coherence and focus.
  3. Resource Optimization: By identifying and prioritizing risks, organizations can allocate resources more effectively, ensuring that critical areas receive the attention they need.

How to Get Started

While every organization is unique, the key steps to create an ERM roadmap tend to be similar irrespective of industry or company size, although the actual implementation may differ. Here are the typical steps in creating an ERM roadmap:

  1. Determine Broad Parameters with ERM Lead: Establish the scope and objectives of the ERM roadmap.
  2. Present to Key Stakeholders: Highlight the merits of ERM and the importance of a roadmap to gain organizational buy-in.
  3. Conduct Interviews on Current and Target State: Gather insights from various stakeholders to understand the current state and desired future state of ERM.
  4. Present Findings and Resulting Roadmap: Share the findings and proposed roadmap with stakeholders and gain sign-off.
  5. Implement the Roadmap: While creating the roadmap and implementing it are technically different aspects, both are crucial for the journey.

The Importance of Incorporating Feedback Loops

When designing an ERM roadmap, key prerequisites for making the journey are often identified. Some of these prerequisites are mission-critical enough to be built directly into the roadmap. For example, if the roadmap's feasibility depends on certain internal resources or is conditioned on a specific external environment, it makes sense to incorporate "feedback loops" or sensors into the roadmap.

Feedback loops measure the feasibility of continued roadmap progress. In the context of a road trip, a sensor could be the fuel gauge. Without fuel, the trip cannot continue, and a detour to a fuel station is needed before proceeding. Similarly, an ERM journey may rely on key assumptions, and without them, the journey needs to be rethought.

Feedback loops enable continuous learning and improvement by providing quick insights into risk events and their impacts on the feasibility of continued progress against ERM roadmap milestones. They are also important for the following reasons:

  1. Real-Time Monitoring: Feedback loops continuously monitor risk indicators, whose signals trigger timely interventions.
  2. Adaptive Learning: They facilitate the continuous refinement of risk management strategies based on new information and experiences.
  3. Enhanced Decision-Making: By providing actionable insights, feedback loops support informed decision-making and strategic adjustments.

Feedback Loops in Action

Consider a medium-sized manufacturing company that integrates feedback loops into its operational processes. The company uses sensors on its production equipment to monitor performance and detect anomalies. When a sensor detects a deviation from normal operating conditions, it triggers an alert. This alert prompts the team to investigate and address the issue before it escalates into a major problem.

Similarly, the company's ERM roadmap includes regular reviews and updates based on feedback from sensors. This approach ensures that the company can adapt its risk management strategies dynamically, maintaining operational efficiency and strategic agility. When such sensors are considered proactively during roadmap design, the implementation of the roadmap itself is expedited.

ERM for a Rapidly Changing World

Creating and maintaining an ERM roadmap is essential for ensuring business strategy agility in a rapidly changing world. By integrating feedback loops into ERM processes, organizations can achieve continuous learning and improvement, much like how sensors in vehicles and equipment alert users to potential issues.

For finance professionals dealing with risk at medium and larger-sized businesses, adopting this dynamic approach to ERM will enable them to navigate uncertainties effectively and sustain long-term success.

A beneficial side effect of implementing an ERM roadmap is that it reinforces the value of the ERM team, helping shift ERM from being viewed as a mandatory task to a strategic business partner role. This shift fosters an environment where ERM is seen as a natural part of strategic planning, rather than a "check-the-box" exercise, ultimately building stronger careers for finance professionals engaged in ERM.


Johan Nystedt is president and founder of Nystedt Enterprise Solutions LLC and has managed risk for many companies including Conagra Brands (as the chief risk officer), Levi Strauss, RR Donnelley and Kraft Foods.


Copyright © 2025 Association for Financial Professionals, Inc.
All rights reserved.