Enterprise Risk Management: Belief System or Management Tool?

Enterprise Risk Management (ERM) is now positioned by many advocates as an indispensable management tool. Standards, frameworks, consulting firms, trainers and regulators all promise a positive "return on ERM investment". However, so far there have been no reliable empirical studies that show causal relationships between ERM activities and ERM success factors. ERM seems to have developed into an isolated belief system that also ignores knowledge from risk-relevant disciplines such as decision theory, cognitive psychology and probability theory.

Starting position

"Half of the decisions made in organizations fail, making failure far more prevalent than previously thought" [1]. Decision-making under uncertainty (risk) is a major challenge for a company's success. It seems logical that company-wide risk management (ERM) is slowly gaining acceptance in many sectors and industries and across companies of different sizes. In the current pandemic in particular, management committees have an increased demand for information that supports decisions with objective risk assessments. Specialists and executives from science and practice are also increasingly recognizing ERM as a decision-making management tool. Among other things, the following benefits are ascribed to ERM:

  • A well-founded risk analysis improves the quality of business decisions by increasing the comparability of the various strategic options and the associated risk-return profiles, thus creating an ideal business portfolio.
  • Companies get an overview of all risks, opportunities and their respective dependencies in a risk portfolio. This enables decision makers to analyze the overall risk and its potential impact on business goals.
  • Risk aggregation makes it possible to control the overall risk position in comparison with the risk appetite. This leads to decisions that are in line with the company's risk attitude. Companies using aggregation techniques can benefit from a risk diversification effect.
  • Effective risk management can lead to more stable cash flow, lower costs of capital through improved ratings and better use of equity (risk capital).
  • Lower volatility in the share price leads to increased investor confidence. This can have a positive effect on the company's value.

The relevance of ERM has grown in recent years, as has the expectation that ERM creates added value for companies. From a practical point of view, this claim is justified and the spread of ERM is accordingly to be welcomed. The critical question is whether these requirements can be met in operational practice, or whether it is rather wishful thinking, fueled again and again by standards institutes, consulting firms, software providers and others.

ERM and the signs of a belief system

How can it be measured whether ERM actually lives up to the value proposition from standards, frameworks [2], legal texts and anecdotal evidence (experience reports)? Or to put it another way: Which benchmarks can scientists and practitioners use to assess whether ERM generates added value or, in the worst case, even causes economic damage? Is there solid evidence of the circumstances under which ERM may or may not work? Does the full implementation of a norm or standard mean that ERM brings added value?

Paradoxically, reliable evidence has long existed in some disciplines outside the actual core of ERM, and it can be used to develop a decision-making management tool. The knowledge available today from decision theory, probability theory, new expectation theory and cognitive psychology helps to construct a “benchmark” against which ERM can be compared. Unfortunately, developments in ERM in recent years have acquired a momentum of their own, which not only neglects these findings but sometimes ignores them completely. That ERM has nonetheless become a popular and increasingly sought-after management tool is because it has developed into a kind of "belief system". [3] By definition, belief systems are not provable and postulate laudable goals. Their advocates and supporters believe with conviction in functioning relationships, rules and processes related to a certain issue (in this case "ERM"). [4] Often this happens without reflecting on why people acquired such a belief system in the first place. Belief systems are often sustained by affective (emotional) components. In the following, selected characteristics of ERM are compared with characteristics of belief systems and discussed.

The entire article appears in CFOaktuell (issue 2/2021). More information at: www.cfoaktuell.at


[1] Nutt, P. C. (2002), Why decisions fail: Avoiding the blunders and traps that lead to debacles. San Francisco: Berrett-Koehler Publishers, Inc., p. 22.

[2] There are now more than 80 different risk management standards and frameworks coexisting worldwide; popular representatives include, among others, ISO 31000, COSO ERM and ONR 49001.

[3] Grant Purdy first brought the term “Belief System” into connection with ERM in a lecture at the online Risk Awareness Week (RAW) 2019.

[4] It is not the aim and purpose of this article to discuss belief systems and their characteristics in full and in detail. Rather, it is about using belief systems as a rough thought model and as a metaphor for the state of today's ERM systems.