Enterprise risk management (ERM) is shaking the corporate world -- perhaps because, as a recent study shows, the world is shaking up ERM A study conducted this spring by Deloitte and Forbes Insights finds that an astonishing 91 percent of respondents plan to reorganize and re-prioritize risk management over the coming three years. Planned changes included: elevating the function within the organization (52 percent) reorganizing processes (39 percent) providing additional training for staff (37 percent) incorporating new technology (31 percent) integrating ERM into strategic planning (28 percent) Why all the turmoil? ERM programs are changing in response to a variety of forces. These stimuli include market volatility, regulatory changes, and even the rise of social media — which is the fourth-most-commonly cited source of risk in the survey. Overall, the Deloitte study notes that companies have “less tolerance for volatility and less tolerance for surprises” in the wake of ongoing global financial challenges, as articulated by one of the survey participants. The response base comprised three broad industry groupings: life sciences and healthcare, consumer and industrial products, and telecom. Interestingly, when asked about their preferred outcomes of ERM efforts, life sciences companies were more likely to be concerned about compliance with regulatory changes; respondents from the other two industries were more focused on improving revenue growth. In our observation, security pros (and associations and vendors) are prone to shave off their piece of the risk management pie, dubbing their disciplines security risk management, information risk management, and so on. These naming conventions can provide focus, but may also foster the development of functions that are out of sync with broader ERM initiatives. Related content opinion Getting the Board on board Sean Lyons argues that the Board of Directors must see themselves as an active part of corporate defense - not the beneficiaries of it By Derek Slater Feb 13, 2013 8 mins Government IT Strategy opinion Recent risk discussions, here and there By Derek Slater Jan 28, 2013 2 mins IT Strategy opinion Risk management in HBR (and whether that's a good thing) Is ERM only about preventing downside? Or is there more to it than that? By Derek Slater Dec 12, 2012 2 mins IT Jobs IT Strategy IT Leadership opinion Information security risk: A conversation with Adam Shostack How has the landscape changed since publication of The New School of Information Security? By Derek Slater Dec 04, 2012 5 mins Data and Information Security IT Strategy Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe