The Role of ERM in Changing Risk Culture

Jennifer Hills
Director, Office of Risk Management Services, King County (WA)
background image

The primary objective of an ERM program is to make risk management an integral part of organizational strategic and business planning processes, as well as a regular part of decision making. ERM provides a framework for using quantitative and qualitative information to evaluate risks and opportunities. ERM can also help transform the organization’s risk culture from risk averse to risk optimized.

An ERM program can demonstrate value right away by broadening the conversations about risk. Beyond operational or insurable risks, ERM identifies risks and opportunities in various areas such as reputational risk, strategic risk, compliance, workforce and safety risks. These risks can be prioritized and evaluated in an Enterprise Risk Register. It can take the form of a heat map displaying significant challenges and opportunities. It’s a way to gather data to assess the risks and document countermeasures.

To ensure the Risk Register reflects the broader goals of ERM, the risks identified do not need to have a significant loss history or the protection of an insurance policy. For example, the risk of inadequate succession planning can be a high priority risk on an Enterprise Risk Profile. There is no significant loss activity associated with it, but the operational and strategic risks are clear – loss of institutional knowledge. There is also opportunity to be gained from retirements. An opportunity to increase diversity, to have the workforce reflect the community served and to find new and innovative ways to serve customers.

ERM is similar to traditional risk management when it comes to risk assessment (identify, analyze, select, implement, monitor). However, ERM aligns to the organization’s mission and objectives, and takes into account the amount of risk that leaders are comfortable taking. There are many helpful tools to reconsider how to think about risk. One such tool is the Risk-Value curve, which comes from the Consortium for Advanced Management International. It depicts the relationship between risk and value along four zones. In the first zone, risk is low but so is value. This area shows that too much emphasis is placed on mitigation and avoidance of risks. An organization that makes decisions in this zone is inefficient, prioritizing compliance and risk mitigation over opportunity and value creation.

In the second zone, risk is optimized. The organization is taking on risks up to its tolerance level and maximizing value. Once the high point of the curve has been passed, organizations are in a high risk-interaction zone and key risk indicators become extremely important. In the last zone, the organization may be in crisis mode and should actively seek risk management tools (insurance, crisis management, public relations) to pull itself out of the crisis and into a more optimized zone. Decisions need to be quick and creative.

Focusing on risk and value together starts to change attitudes about risk. Conservative behaviors around risk aversion and mitigation transform into a balanced and informed risk-taking culture. This can be the beginning of a risk culture change: attitudes shape behaviors which form culture.

ERM can help shift an organization’s risk culture away from risk-averse decision making by providing the tools and support for balanced risk taking. In this way, ERM can help an organization to meet objectives and make progress toward its mission.

By: Jennifer Hills
Director, Office of Risk Management Services, King County (WA)

Summary of Qualifications

As director of the King County Office of Risk Management Services, Jennifer leads a team of dedicated and talented risk management professionals who were nationally recognized in 2018 with the PRIMA Risk Manager of the Year and RIMS Risk Management Honor Roll awards. Jennifer is passionate about changing King County’s risk culture from risk-averse to one that is taking balanced risks within the established risk appetite. Jennifer is a frequent speaker on enterprise risk management and risk-value management. King County, which includes the Seattle-Bellevue metropolitan area, is the 13th largest county in the United States and serves a population of over 2 million.


Strategic Planning
Employee Engagement
Risk and Value Management
Program Governance and Execution
Enterprise Risk Management
Insurance Portfolio Management

Business Experience

Director, Office of Risk Management Services, King County, WA (2003 – Present)

Establishing a culture of balanced risk taking through ERM and a risk-value framework
Integrating Enterprise Risk Management methods and processes in strategic and budget planning to comprehensively manage risks and seize opportunities in alignment with King County’s values and within established risk appetite
Managing a broad and effective risk management program using self-insurance and commercial insurance coverage for general liability, workers’ compensation, property, aviation, marine, cyber, employment practices, public officials, crime, pollution, and other exposures
Providing strategic direction for risk management lines of business through a staff of 30 and an $84 million biennial budget
Managing claims and litigation equitably and responsively

ERM Experience

Implemented ERM in King County, including:

Enterprise Risk Register
ERM Work Group
Risk Profile required by every county agency as part of business planning/budgeting
Success of the ERM program has led to a risk culture change from risk averse to optimized
Professional Affiliations

Past President of Washington Chapter of PRIMA
Current member of PRIMA and RIMS


University of Washington, Bachelor of Arts in Business Administration
Insurance Institute of America, Associate in Risk Management and RMPE
National Alliance for Insurance and Education, Certified Risk Manager

Sign Up for Our Education Newsletter

You Might Also Be Interested In