The AnotherDay team ran an Enterprise Risk Management maturity assessment for a large retail and asset management client. We spoke to key stakeholders across multiple business areas and of differing seniority to gain an understanding of how those across the business embedded risk management in their day-to-day activities.

The objective was to assess the current state of ERM practices within the organisation and identify areas for improvement. The findings highlighted several key areas for improvement, including the defining risk tolerance, consistent use of risk management tools, setting key metrics, ensuring oversight, and the alignment of strategic goals with risk-based approaches.

The client faced challenges in understanding and making decisions around risk-reward trade-offs due to the absence of formally defined risk tolerance for each business area and category of risk. Although some business areas had defined risk tolerance based on standards, regulations, or the nature of the threat, this baseline was not consistently applied across all business units or areas of risk.

Furthermore, while strategic goals were somewhat linked to key risks at the client, they were viewed as separate entities and sometimes conflicted with risk-based approaches, leading to high-risk decisions or projects being pursued without proper consideration of the associated risks.

The report also highlighted the lengthy journey they had come on to get to the maturity they were at and showcased their dedication to further improving risk management. Many individuals were extremely complimentary of the team involved in driving risk management and spoke of the supportive and communicative nature of that team.

The assessment of the client's ERM maturity revealed several areas for improvement, and we scored them based on this to help illustrate where they could benefit from making changes.