Is ERM Your Handbrake or Your Turbo Boost?

By Carolyn Graham

Carolyn Graham serves as Chair of MacEwan University and director on two for-profit boards. She has experience on numerous public, private and not-for-profit boards. Carolyn previously served as chief financial officer and chief risk officer of a federally-regulated, Canadian bank.

In today’s VUCA (volatile, uncertain, complex, ambiguous) or BANI (brittle, anxious, non-linear, incomprehensible) world, organizations can feel like a high-speed vehicle navigating unpredictable roads. Directors don’t drive the vehicle but we’re responsible to ensure it can perform at a high level to navigate complexity, manage risk, and oversee strategy. Yet many directors are dissatisfied with the ERM information they receive. 

I’ve been there and served on a board that restarted its ERM approach three times over five years:

1. First attempt: A board committee volunteered to build the inaugural risk register, but lacked the depth and time to complete the project.
2. Second attempt: A bottom-up reset began with risk owners but, after 18 months, no insights (or reporting) had reached the board.
3. Third attempt: We started from the top and focused on key executive-owned risks.

These efforts reflect a common problem: ERM is often backward-looking, siloed, and too slow for today’s pace. At worst, it feels like a check-the-box compliance exercise, disconnected from strategy.

I’ve yet to join a board that doesn’t believe their ERM reporting could improve. Directors consistently seek deeper insight into how the CEO and executive team think about key risks. To begin the conversation, boards must clarify whether they’re concerned about how risks are identified, mitigated and managed or the quality of ERM information reaching them. If the former is sound, the priority is to transform ERM into a forward-looking tool to help navigate ahead through a system that emphasizes foresight and insight over hindsight.

The Board’s Role in High-Performance Oversight

When supported by an effective ERM function, boards can add significant value over these six roles:

1. Strategic Navigator – Set direction and track alignment with long-term goals. In a fast-changing world, boards help adjust course when needed.
2. Risk Radar System – Oversee risk frameworks like radar spotting hazards, such as regulatory changes or market shocks, before they hit.
3. Brake and Gas Pedal Advisor – Know when to pause (slow down, de-risk) or accelerate (invest, scale) depending on the terrain ahead.
4. Performance Dashboard Monitor – Monitor KPIs and early warning signals. In turbulence, rapid interpretation matters.
5. Moral Compass & Governance GPS – Keep the organization on ethical and legal track to prevent veering into dangerous territory.
6. Pit Crew Chief – Support, evaluate, and coach the executive team to perform under pressure and transition when needed.

The board’s job isn’t to drive but to ensure the vehicle is safe, strategic, and capable of high performance.

Upgrading ERM: Go-Kart or Ferrari?

To assess how your ERM function serves the organization’s strategy, ask yourself:

• Is your ERM function a finely tuned Ferrari or an entry-level go-kart?
• And, is that what your organization needs today?

A go-kart might work fine on a closed track but not on the Autobahn in a thunderstorm!

As with all aspects of governance, better is always possible. To enhance your ERM effectiveness and board engagement, start from where you are with incremental steps and be realistic about resourcing. You can’t expect Ferrari performance on a go-kart budget. 

Upgrade Your ERM Engagement

1. Recognize where risk conversations already happen. Risk intel often surfaces in business updates, financial reports, or M&A analysis — not only in a standalone ERM report.
2. Give clear feedback. Vague comments like “this report isn’t helpful” don’t facilitate improvement. Gather specific insights from directors and share them with management.
3. Share what works. With permission, provide helpful ERM templates or examples from other organizations.
4. Make reporting visual and evolving. Use clear dashboards, colour-coded trends, and one-page summaries to show how key risks are shifting.
5. Design for dialogue. Make space in the agenda for discussion rather than the passive receipt of information. Boards should periodically engage with the risk content and its implications.
6. Ask the tough questions. What are our red lines? How close are we to breaching them? How have recent changes affected our cushion?

A high-performance vehicle depends on finely tuned systems to safely travel at higher speeds. So too does a high-performance organization. The ERM function should actively inform strategic choices, rather than flagging hazards after the fact.

When ERM works well, risk and strategy are aligned. Leaders can “see around corners,” boards help guide momentum, and the organization moves confidently toward its goals with fewer surprises.

Are We There Yet?

As for that board I mentioned, I’m pleased to share that our continuous improvement quest recently aligned our risk register with the core pillars of our strategic vision. Now, when risks shift, we can see more explicitly which part of our strategy may face a headwind or benefit from a tailwind on the road ahead.

So, if you asked me, “Are we there yet?” on our ERM journey, I’d say: Not yet, but we’ve recalibrated our GPS, upgraded the engine, and tuned the suspension. We’re no longer stuck in the parking lot or circling the same track. We accelerate with intention, constantly scan the horizon, and handle corners with more confidence.

In today’s environment, a high-performance organization can’t afford to drive blindfolded or brake too late. It needs a risk function that acts like performance-grade telemetry to translate speed, traction, weather, and road hazards into strategic guidance in real time.

ERM, done right, doesn’t slow us down. It’s the system that allows us drive faster with control.