They started in the 1950s as purchasers of insurance to protect a company’s assets and balance sheet. Then, in the mid-2000s, buffeted by the financial meltdown of companies during the end of the dotcom era and the start of the subprime mortgage crisis, risk managers started to build up enterprise risk management (ERM) capabilities to protect against risks that could sink the organization.
Now, corporate boards are asking risk managers to expand their role and create value for the business using the insights they have developed about risk and uncertainty. Which corporate strategies create greater risk for the company?
Which risks are acceptable? Which are not?
In addition to being purchasers and protectors, risk managers are now becoming
predictors. How did risk managers get to this phase of their development and what
will they need to prepare for the future?
In the mid-1950s, the role was largely transactional. The basic idea was to make sure you had enough coverage for a claims payout after an incident occurred. Later the focus shifted to identifying, preventing and reducing losses before and after incidents occurred. That could mean any number of things, including managing risks around workplace safety, security (protecting company property), and ensuring business continuity after a loss.