Risky Business – a new approach to enterprise risk management

We live in a world characterised by risk, uncertainty, and the unknown. The recent unforeseen impact from a sudden Covid-19 pandemic illustrates the point. Yet, we typically act as if we only confront identifiable risk events – out of convenience.


Photo: Shutterstock

Photo Shutterstock

While some organisations can respond to unexpected events – that can span from disruptive technologies and intensified competition to extreme weather events and climate related disasters – most of them cannot and have a challenging time.  So – how do we deal effectively with an increasingly complex and uncertain world?

Faced with uncertain and unpredictable business conditions that regularly trigger major corporate scandals, there has been increased focus on risk governance and reporting driven by public expectations, regulatory requirements, and corporate law initiatives.  

In support of this, various professional associations and public policymakers recommend adoption of Enterprise Risk Management (ERM) – notably the COSO and ISO 31000 frameworks.  The ERM guidelines and standards can be valuable in helping companies identify and deal proactively with risks – and opportunities. 

However, is this sufficient to deal with complex and risky international business contexts? These essential issues are explored in a new ground-breaking research article published in Long Range Planning.

Based on unique survey data from among the 500 largest companies in Denmark, the new research study from Copenhagen Business School investigates the effects of adopting ERM frameworks.  And, as something new, the study analyses risk management performance in conjunction with internal strategic decision-making processes.

“This is the first study of its kind to provide a more complete organisational picture of the risk management effects.  We find that pursuit of basic strategy-making efforts is fundamental to gain positive effects from adoption of formal enterprise risk management practices,” says Professor Torben Juul Andersen from the Department of International Economics, Government and Business at Copenhagen Business School.

Effective ways to deal with risk

The findings show that it takes more than implementing formal ERM frameworks to deal with uncertain global business conditions – it takes a broader organisational engagement.  The research suggests that corporate leaders, and public policymakers, should engage in deeper thinking about more effective ways to deal with the impending risks of our time that are girded with many uncertainties and unknown factors.

When actual developments take us by surprise and organisational decision-makers must deal with influences from unexpected events – like pandemics and climate effects – formal control-based guidelines and practices are insufficient. They are convenient and make us feel safe but provide a false sense of security,

The study argues that future solutions need a combination of fast responses with ongoing assessments of developments and viable solutions.  “Companies that enable local responses and engage in strategic planning to assess sudden events perform significantly better compared to companies that only adopt formal ERM frameworks,” adds Professor Andersen

Positive performance outcomes

The research found that adhering to the principles of ERM is linked to positive performance outcomes, but these effects are substantially enforced by decentralized responses and central strategic considerations.

Hence, it is not sufficient to adopt formal risk management practices to deal with impending risk events. Instead, the ability to deal effectively with uncertain and unknown conditions hinges on local responses and ongoing strategic analyses,

The study urges policymakers to think actively about how to deal with emergent risk situations, the most significant of which will exceed prior expectations and imagined scenarios. “The only way to find new viable solutions is by experimenting – or acting fast through local responses that may point the way towards an adapted strategic direction,” adds Professor Andersen.

“There is a need for more versatile risk responses to deal with unexpected events and the unknown conditions of the evolving future where formal control-based approaches actually may curtail the ability to create innovative solutions,” Professor Andersen concludes.


The page was last edited by: Sekretariat for Ledelse og Kommunikation // 07/11/2023