With Enterprise Risk Management becoming increasingly institutionalized, global best practices are continually under revision as international standards-setting bodies such as ISO or COSO seek to improve on ERM methods and guidelines. A core development in recent years has been the recognition that an objective-centric approach to ERM yields greater outcomes compared to the traditional taxonomy approach. At the same time, the constant evolution of ERM practices means that there is often a gap where organizations are slow to correct outdated methodologies – due to the complexity and resources required to change existing processes, structures, and culture.
Conventional risk management is based on taxonomies, which create an often inductive process for risk assessment. Risk is identified and aggregated into a static and ‘stable’ set of categories, then prioritized according to likelihood and impact. The limitation to this approach is that risk is not stable. While taxonomies allow for a certain level of customization across different business units, their success and efficiency is predicated on the use of a standard and somewhat rigid set of categories and shared language – ultimately ineffective for large corporations facing wide-ranging risk complexities. Read more