TheCorporateCounsel.net

April 6, 2023

Transcript: “Managing Enterprise-Wide Risks: The Intersection of ERM & Legal”

We have posted the transcript for our recent webcast – “Managing Enterprise-Wide Risks: The Intersection of ERM & Legal” – in which J.T. Ho of Orrick, Derek Windham of Tesla, Jeff Levinson of NetScout, Ming-Hsuan Elders of American Express and Stephanie Bignon of WestRock Company address the focus on enterprise risk management and the role that legal departments play in this process. Here’s an excerpt from Derek Windham’s comments on the differences between traditional risk management and enterprise risk management:

One of the biggest differences for our listeners to understand between traditional risk management and enterprise risk management is that with traditional risk management, the focus has fundamentally been more on risk avoidance. Essentially, this view treats risk as a four-letter word, whereas ERM really is about risk balancing, in recognition of the fact that some risk-taking can be a good thing.

You use the word opportunity and that’s a good concept. Often, risks can lead to opportunity and competitive advantage. Rather than being about risk avoidance, ERM is more like a framework of informed risk-taking. To weigh and balance risks effectively in this framework, you need to define your company’s risk culture and your risk appetite, and then manage risk to fit within this risk profile. In other words, you have to clearly define your strategic, operational and financial risk tolerances so you can align your risk choices and optimize with return. The reason that this is one of the most important distinctions for this group to be aware of is that it directly aligns with the core functions of good business-aligned attorneys. To be most effective as business partners, it’s fundamental for attorneys to move away from the risk avoidance mindset and customize it to enable informed and strategic risk balancing by their clients.

Another core difference is highlighted by use of the word “enterprise” in ERM. Whereas traditional risk management was siloed with each department identifying and managing risks within their own towers, ERM is focused on a holistic cross-departmental view. This is an important distinction for this group because it ties directly into how the board should best oversee ERM, how management should define and execute on an ERM program and how legal can support these processes.

– Dave Lynn