Incorporating Strategic Risk into Enterprise Risk Management: A Survey of Current Corporate Practice


  • Stephen Gates

    1. Professor of Strategy at Audencia Nantes École de Management. He directs two of The Conference Board Europe's executive networks–corporate strategy and investor relations*.
    Search for more papers by this author

  • *

    The author expresses his appreciation for the contribution of The Conference Board, for which interview material and data were compiled in the preparation of a research report on this topic.


Since ERM is a relatively recent activity and has yet to be fully implemented in most companies, there has been little academic research about its accomplishments and about the obstacles to further progress. In particular, very little has been published about corporate attempts to identify and manage corporate strategic risks while integrating them into a corporate- wide ERM framework. This article uses responses collected from a survey of 271 risk and financial executives in North American and European companies to address the following questions: What forces are behind this push for a more organized and integrated management of significant risks? What challenges are companies encountering as they implement implement ERM? Once fully in place, how does ERM affect the company's ability to implement its strategy?

The primary drivers of ERM are said to be corporate governance requirements and other regulatory pressures, and management and investor demand for greater understanding of strategic and operating risks. The benefits of full ERM implementation are increased management accountability and better governance practices, greater managerial understanding of and consensus about corporate strategy, and, in some cases, higher credit ratings and hence a lower cost of capital. The tools and techniques to measure the impact of strategic risks appear to vary, depending on the stage of ERM implementation. For advanced ERM companies, the most frequently used tools and techniques are key risk indicators, self-assessments, and scenario analysis.