Skip to main content

Enterprise risk management (ERM) UK survey 2021

A refocus on risk and resilience

September 2021

The Deloitte enterprise risk management (ERM) UK survey 2021 focuses on the impact of the risk function in the wake of the COVID-19 pandemic. The pandemic revealed the need to link risk and resilience more closely as emerging risks can lead to real threats much faster than anticipated.


The global pandemic has demonstrated how the value of risk management needs to evolve. The accelerated adoption of technology, changing global landscape and changes to working practices have surfaced new risks and opportunities. Our survey of 44 UK-listed organisations across multiple industries, highlighted the importance of planning for extreme disruptions of business and therefore heightened levels of strategic and operational resilience. It also shows companies remain divided as to how prepared they are today for the kind of risks they have faced over the last year - or are likely to face in the future.

The challenges presented by the pandemic pushed corporate risk management functions into the spotlight. It highlighted that they are essential parts of the corporate whole that increasingly occupy the strategic stage.

Our key findings

Corporate risk functions increasingly occupy the strategic stage

64% of companies report to the CFO or CEO as the corporate sponsor of risk

The COVID-19 pandemic revealed the need to increase organisations’ focus on resilience

86% of companies believe in varying degrees that their organisation needs to be more resilient

Technology and automation are critical but often under-used

• Less than 23% of companies employ a technology enablement strategy to help deliver their risk strategy

Our data shows that whilst more than 80% of respondents are confident in their ability to identify high impact events that can lead to shocks, only 30% believe that they have clear visibility of the measures, options and levers available when shocks or disruptions occur.

Looking ahead

The pandemic has highlighted the importance of planning for extreme disruptions of business, and the very real fact that emerging risks can become active threats much faster than many businesses anticipated. To thrive in the new normal, risk leaders must act now to flex, align and respond quickly to volatile economic conditions and changing work practices, while continually monitoring which changes are temporary responses to the pandemic and which are destined to become permanent.

As risk functions continue their journey to maturity and build enterprise-wide resilience in the post-pandemic world, they are presented with an opportunity to facilitate risk-based decision making at the most senior levels of the organisation. This challenge can be met by moving beyond its niche, and integrate its processes and thinking throughout the organisation and embedding enterprise wide resilience that ERM professionals in this survey say is essential… or risk becoming obsolete.

Did you find this useful?

Thanks for your feedback

If you would like to help improve further, please complete a 3-minute survey