The Master ERM Recipe

key ingredients of good ERM


A while back, I spent an intense day with post-graduate students at the Nanyang Business School in Singapore. We talked a lot about embedding ERM into strategy and business planning. 

Towards the end of the day, we shared a summary slide. Much to my surprise, this slide caused an intense photo-snapping frenzy. Obviously, the contents “hit it” with the audience. Hence, I decided to share the contents of this slide in this blogpost.

the [master recipe for good ERM] slide was most popular amongst students

In case you prefer a more visual and audio-centric version, head over to LinkedIn to watch my recording of this blog.

Otherwise, thank you for reading on as I elaborate on the master ERM recipe!

the ingredients

three main ingredients of good ERM

Communication, the core mechanics and suitable benchmarks are the core ingredients for efficient and effective ERM.


I separate the communications “block” into three areas even though all three components are closely interlinked.

risk leadership starts at the top of any organisation.
risk culture, engagement and communication

Senior management engagement manifests itself in the form of an appropriate risk culture across your organization. This is a sine qua non condition. In other words, we must get this right. Senior management is an important, but by no means the only, stakeholder in an organization.

Hence, you also have to bring other engaged parties to the cause. In other words, creating wide-enough stakeholder engagement is also crucial.

Depending on the circumstances, change management tools and techniques come in very handy. Probably the key step is to ensure that people understand the “why” and the “how” first. Subsequently, you should address the all-important question “what is in it for me/us”.

Lastly, communicate regularly, concisely and consistently how your organization will profit from the outcomes of a good ERM framework.


Subsequent to creating engagement, you focus on the mechanics of good ERM. It’s not rocket science, believe me.

the core mechanics of good ERM
  1. Start out by choosing an established ERM-methodology. I prefer ISO 31000 (2018), however any of the other well-known approaches will do as well. The point is: no need to re-invent the wheel!
  2. Subsequently, you need to adapt the methodology to your organization’s specific circumstances. An important aspect of adaptation is the development and deployment of a common risk language. Good communication never stops.
  3. Thirdly – and this is the KEY moment – establish a high-quality risk register. I wrote several blogposts and podcasted about the importance of the risk register.
  4. Once the core engine is up and running, you can extract good quality information. This enables risk-based decision making and the linkage of risk to strategy. Needless to say, you need to refresh the risk register regularly to ensure it remains meaningful.

The risk register is the central engine of the entire ERM-framework.

what does good look like?

Ultimately, good ERM will create tangible benefits for your organization. It can, however, be quite hard to measure the benefits during the early stages of your ERM journey.

Hence, practitioners often ask me “how do we know that we are on the right track”?

Two well-established scales, namely “Risk Maturity” and the “PACED” principles, come in very handy to gauge your efforts during the build-up. Use your favorite search engine to find the most suitable one for you. You might have to adapt the benchmarks to your organization’s circumstances.

I sincerely hope you find this condensed version of my “Master ERM Recipe” useful. We are always here to elaborate on our method and customize it to your organization’s needs and circumstances. Our mission is to make your ERM-journey efficient and effective! Contact us via the links below.

Thank you for reading the article.