Skip to main content
Blog Post

Finding the opportunity in enterprise risk management: What’s in a name?

Insurance Consulting and Technology
Insurer Solutions

By Alice Underwood | February 14, 2019

The strategic chief resource officer realizes that enterprise risk management is about breaking down the silo mentality and analyzes risk and opportunity together.

This post is part of our "A Year in the Life of the Strategic CRO" series. Here we focus on how the strategic CRO can use the risk register and the well-known SWOT framework to offer enterprise risk management insights that can help identify strategic needs and opportunities.

Several years ago, an industry thought leader opined to me that we risk professionals had really missed a trick by adopting the term "enterprise risk management” (ERM) rather than "enterprise risk and opportunity management." While we can't just hop into the "Wayback Machine" and change history, I heartily agree with this assessment.


Well, names can make a difference. Oh, I'm not lamenting that we missed out on a pronounceable acronym (albeit one that might be confused with "erasable read-only memory”).

The thing is — especially in the insurance business — risk is opportunity! The Society of Actuaries has even adopted this as their motto. By failing to reflect this fact in the name of our practice, we risk professionals created a semantic frame that has the effect of limiting how people think about ERM. And when companies accept that limitation and keep ERM focused only on the downside of risk, they're ignoring the real value that ERM can offer.

Mine the risk register for opportunities

When updating the risk register, the strategic chief financial officer should consider whether given risks, or groups of risks, could in fact present business opportunities. Let's start with a few of the topics identified in 2018's most dangerous risks for insurers.

Our survey respondents considered the related issues of disruptive technology (number six), IT/systems and tech gap (number two) and customer needs not served by traditional approaches (number seven) to be significant risks. But clearly these also present opportunity for insurers that are able to innovate internally and/or capitalize on the innovative offerings of advisors and partners.

Cybersecurity and cybercrime — number one in our poll for both 2018 and 2017 — is top of mind for companies of all stripes, not just insurers. That, of course, presents an opportunity for insurers to offer coverage for this risk.

Survey results noting strategic direction and opportunities missed (number three) as a top-three risk suggests that strong interaction between the ERM function and corporate strategy would be beneficial.

Take a SWOT at it

Widening the frame, enterprise risk and opportunity management could use the familiar SWOT analysis framework: strengths, weaknesses, opportunities and threats.

STRENGTHS OPPORTUNITIES *Strategy discussions might start (but should not stop!) in this row
WEAKNESSES THREATS *ERM discussions might start (but should not stop!) in this row

A limited view of enterprise risk management might focus only on the identification of weaknesses and threats. But it's certainly my experience that, in working through a SWOT analysis, teams tend to jump from quadrant to quadrant. Examination of strengths can reveal potential blind spots (weaknesses) and opportunities for improvement. And, as noted above, the flip side of a weakness or threat could present an opportunity.

Identifying key strengths, weaknesses, opportunities and threats is just the first step, of course. Standard ERM practice tells us that having identified risks (weaknesses or threats) we should establish the risk owners, metrics, mitigations and controls. Successful creation and execution of business strategy requires establishing the owners, actions and metrics associated with opportunities.

And then count your TOWS

A TOWS matrix is one way to get even more value out of the SWOT. This matrix looks at the intersection of internal factors (strengths and weaknesses) with external factors (opportunities and threats):

OPPORTUNITIES How can we use our strengths to seize opportunities? How can we leverage external opportunities to mitigate or offset our weaknesses?
THREATS How can we use our strengths to mitigate and counter threats? How can we minimize both weaknesses and threats?

Using strengths to take advantage of external opportunities is, of course, the "sweet spot"of strategy! But a holistic strategic planning and risk management assessment should consider the other quadrants as well.

For example, an acquisition, partnership or joint venture might be a way to use an external opportunity to offset an internal weakness. A program to enhance employee engagement might be a way to minimize a weakness while reducing the threat of attrition. Maintaining strong customer focus and service standards could help counter competitive threats.

It's not necessary to consider all possible pairs that the TOWS matrix might generate — but on the other hand, using the top three in each category (strengths, weaknesses, opportunities and threats) to generate various strategic combinations can certainly spark new ideas!

For example, if strong brand is a key strength, and the top three threats are disruptive technology, cybersecurity and strategic opportunities missed, then the threats/strengths combinations might include:

  1. Strong brand and disruptive technology: "Use our strong brand to attract potentially disruptive start-ups into partnership with us"
  2. Strong brand and cybersecurity: "Develop contingency communications plan leveraging our strong brand for rapid customer outreach in event of a cyber breach"
  3. Strong brand and strategic opportunities missed: "Use TOWS matrix exercise to identify new opportunities for leveraging our strong brand"

…and so on with combinations of the other two key strengths with the top three threats. Then the exercise could proceed to consider combinations of opportunities/weaknesses and threats/weaknesses, as well as opportunities/strengths.

An opportunity to derive greater value from risk management

Fundamentally, the strategic chief resource officer realizes that enterprise risk management is about breaking down the "silo mentality"… and will look at the strategic approach to downside (risk) and upside (opportunity) together. Work that is already being done in ERM can very usefully inform strategic planning — and vice versa. Don't let that work languish in a silo! After all, risk and opportunity are two sides of the same coin — one we should spend wisely.


Alice Underwood
Global Leader of Insurance Consulting and Technology

Contact Us