Using risk prioritization to increase the value of your ERM program

Mike Rost
SVP, Investor Relations & Corporate Development
Published: August 23, 2016
Last Updated: June 17, 2023

Maintaining a clear picture of your organization’s risk priorities goes beyond simply having a risk assessment process. 

Many enterprise risk management (ERM) programs and internal ERM best practices are inundated with competing interests. Often, they are too narrow in how risk information is collected, reviewed, and managed. The biggest driver of this lack of focus is that the organization does not understand risk in a single, holistic manner. Across the departments within the organization, there may be different definitions of risk, and therefore different priorities.

The primary responsibility of ERM programs is to review all competing interests to ensure that only the most pertinent, timely, and impactful risks are being understood, managed, and mitigated. Pairing ERM software with the proper ERM framework will give teams an easier time with risk reduction and risk analysis.

To adequately prioritize enterprise risk management efforts at your organization, ERM teams need to keep all stakeholders in mind, seeking input from across the organization, including the board. Many risk programs treat the board as an output stakeholder. However, actively engaging the board in the risk prioritization process will add much-needed perspective. The more input received and perspective gained from all parties, the higher the quality of risk information that feeds into risk prioritization.

Not all risks are created equal

Your risk management strategy needs to be directly tied to organizational strategy, with a single, common definition of risk. When these strategies are integrated, the ERM team can easily decipher which risks are truly operational in nature versus those risks that could pose an obstacle to organizational strategy.

In many cases, this approach also allows organizations to better understand the risks that are identified and their cascading impact on other risks. A focus on this type of integrated risk strategy allows for a better understanding of the elements of your risk environment and its true drivers.

Creating a risk culture

For the ERM program to ultimately be successful, the entire organization needs to buy in. Here are five tips to foster a risk culture at your organization:

  1. Be visible, active, and cooperative across the organization
  2. Establish the ERM team as the subject matter experts across the organization
  3. Take a collaborative approach in administration of the program
  4. Ensure the program is transparent across the organization
  5. Take the lead in educating and helping others mature their risk management skill sets

A little effort in these areas will go a long way in the betterment and value of your ERM program. A successful risk culture, coupled with an integrated risk and organizational strategy, will put any risk program on its way to success.

About the Author
Mike Rost

SVP, Investor Relations & Corporate Development


As senior vice president of corporate development and investor relations, Mike Rost is a key contributor to the organization's growth with a focus on corporate development initiatives, emerging business areas, and developing relationships with investors and key stakeholders. Since joining Workiva in 2015, he has served in various leadership roles helping to drive the organization's growth, including the scaling of Workiva’s marketing and partner & alliance functions.

With more than 25 years of experience assisting organizations to optimize business processes, Mike has an extensive background in finance, accounting, enterprise performance management and Governance, Risk and Compliance (GRC) technology. Prior to Workiva, Mike served as vice president of marketing at Metricstream and vice president of strategic marketing at Thomson Reuters. Prior to that, he spent more than a decade in product management and marketing positions for SaaS companies and held finance positions at Pillsbury and Rollerblade, Inc.

Mike has been active in industry associations, including the Open Compliance and Ethics Group (OCEG) and the Institute of Internal Auditors (IIA). He was also a founding member of XBRL International (eXtensible Business Reporting Language), the global not for profit consortium for open international standards for digital business reporting. He has also been a frequent speaker at industry conferences on subjects such as finance transformation, data and reporting, and risk and compliance technology. He received his Bachelor of Science in Economics and his MBA from the University of Minnesota.
