3 Critical Capabilities for Enterprise Risk Management Leaders in 2025

As risks continue to emerge and impact organizations more swiftly, only 19% of CROs and ERM leaders express high confidence in knowing when their organizations should transition from monitoring to actively managing emerging risks.

In the current climate of heightened volatility and uncertainty, executives will rely on CROs and ERM leaders to define the emerging risk universe and determine appropriate actions. This involves identifying risks that require immediate intervention, as opposed to “far horizon” risks that can continue to be monitored. With a comprehensive view of the enterprise risk portfolio, ERM leaders are also on deck to guide the organization in determining the most effective actions.

As the risk universe grows, organizations increasingly rely on risk owners who can skillfully manage their own risks and actively participate in the ERM process. However, the responsibilities of risk ownership are becoming more complex. ERM leaders report that only 18% of risk owners provide high-quality information about their risks, and just 14% have effective mitigation plans.

ERM leaders often assume that underperformance is due to insufficient motivation or accountability. However, CROs and ERM leaders who incorporate more support for risk owners into their ERM programs see a 43% improvement in risk owner performance, compared to only a 7% improvement when focusing solely on motivation.

With greater risk complexity and speed, CROs and ERM leaders are increasingly turning to technology like governance, risk and compliance (GRC) tools to gain faster insights. Despite increased investments in these areas, many ERM leaders report that technologies, with long deployment times and only moderate improvements to the ERM process, often fail to meet expectations.

While vendors often portray their products as turnkey solutions that deliver immediate value, research on technology adoption in ERM suggests a more cautious approach. On average, it takes about a year, significant effort from ERM leaders and their teams, and substantial (and sometimes unforeseen) costs to fully deploy any given digital tool for ERM. Given the lengthy time frames to realize value and the costs of technology implementation, CROs and ERM leaders should ensure that technology projects align with long-term ERM strategic planning and objectives.