Skip to main content
main content, press tab to continue
Article | Managing Risk

Five steps towards smarter ERM for food and beverage businesses

By Sam Haslam | July 4, 2023

Well-designed enterprise risk management (ERM) frameworks can unlock sustainable success. What are the key steps for designing effective ERM for your food and beverage organisation?
Claims|Corporate Risk Tools and Technology|Work Transformation|Risk Management Consulting|Benessere integrato
Directors and Officers risk insights|ESG In Sight|Risk Culture

Considered risk-taking is fundamental to success. Your business faces many risk/reward trade-offs: How can you know when taking on an ambitious order from a new customer is worth doing, given the constraints it could put on delivering other lines, to give one example of the risk/reward trade-offs your business faces.

ERM frameworks enable you to answer this and make a multitude of risk/reward assessments consistently and in ways that demonstrate auditable risk governance.

ERM offers a range of tools and tactics to fully understand risk, allowing you to assess the potential positive and negative implications of risk and the mitigation steps to respond to these efficiently.

In this insight, we look at five key steps towards establishing an effective ERM approach and how you can start to apply these to your food and beverage business.

Understand the core purpose of ERM

ERM is not about becoming more risk adverse or pushing the business to be more cavalier about risk. Instead, it’s about having a consistent methodology that deepens the business’ understanding of exactly what it’s willing to put at stake to chase opportunity.

The rigour ERM offers can overcome risk inertia in businesses that haven’t yet experienced, for example, business interruption, prompting an ‘it will never happen to us’ stance liable to see the business unprepared to react in a way that keeps losses under control.

ERM can also ensure best practice doesn’t exist in isolated pockets. Many food and beverage businesses have robust risk management strategies focused on health and safety and product quality, or increasingly, supply chain and climate risk. We are seeing an increasing number that would benefit from a more robust ERM framework to harness a more sustainable growth plan. ERM frameworks extend this risk vigilance across all operations and strategy, ensuring business leaders get the wide-angle view of all the risks likely to either power the business to the next phase of growth, or undermine meeting its strategy and vision.

We are seeing an increasing number [of businesses] that would benefit from a more robust ERM framework to harness a more sustainable growth…”

Sue Newton | WTW GB Food and Beverage Leader

ERM provides the c-suite with the information they need to answer the big questions: Have we got a complete picture of all the risks that should be on our radar? Where can we take more risk? How do we know we’re comfortable pursuing this growth opportunity?

Tailor ERM to your food and beverage business

ERM isn’t a one-size-fits-all approach to managing risk. You can design your ERM approach to fit your unique food and beverage organisation’s priorities and strategies to both answer those specific questions front-of-mind for senior stakeholders, and identify those issues not yet on their risk radar but that could nevertheless threaten profitability.

This might be about mitigating the potential human rights challenges of a new raw material supplier, identifying the most efficient approach when a piece of machinery begins to depreciate, or alternatively, interrogating if increasing cyber risk through greater production automation is worth accepting, to give a few examples.

If your organisation is completely new to ERM, it’s advisable to avoid going from a standing start to a complex framework. Establishing an effective ERM framework can be an iterative process that’s less likely to overwhelm internal stakeholders.

In the rest of this insight, we’ll look more closely at steps you can take on the journey towards smarter ways to manage and optimise risk using ERM, specifically:

How to establish risk appetite

Defining your organisation’s risk appetite is a crucial first step: How much risk are you willing to take in pursuit of your goals? What exactly is at risk?

Risk is not a uniform concept. Different businesses will define risk in their own ways and what drives value differs between models. What level of loss would undermine your financial resilience? What about the issues beyond the finances, such as reputation, the ethics of partners across the supply chain, the expected quality of your product? Which of these might be at stake when you take decisions and to what degree are you willing to put these on the line? Risk appetite is about identifying this and building a framework of metrics around at what point you’re comfortable pursuing opportunities and when you should walk away.

A risk assessment matrix is a cornerstone of your ERM framework. It is a visual and practical representation of your impact and likelihood criteria and, through the identification of a specific appetite score or range, allows your stakeholders to be clear on the specific point at which a combination of risk impact and likelihood becomes unacceptably risky and requires action to mitigate the risk. This approach also helps to establish an audit trail demonstrating that risks taken are reasonable, measured and monitored, and enables you to interrogate novel risks and opportunities in a consistent way.

For example, introducing electric vehicles (EV) could represent gains in terms of reducing carbon emissions and meeting your climate action obligations. But how do charging stations for EV in your warehouses change your risk profile? Establishing your risk appetite will empower you to decide whether or not to transition your fleet to EV now, transfer the risks or establish a system of rigorous risk controls, such as expanding the footprint of warehouses to mitigate the potential spread of battery fires, for example.

Graphical representations can incorporate opportunity, magnitude of associated risk and likelihood of a risk manifesting. These representations can help stakeholders quickly identify those openings in the ‘green’ or ‘red’ zones, putting numerical values against the risks and/or opportunities to support an auditable and repeatable way of making risk/reward decisions which can adapt as new risks emerge or the profile of existing risks changes.

How to develop a risk register

Risk registers capture the risks facing your business and typically provide some narrative around the nature of the risk and who is responsible for the requisite controls. It’s the means of converting theoretical ideas of risk and opportunity into practice.

An effective risk register…could be a document, spreadsheet or an interactive tool providing dashboards and alerts.”

Sam Haslam | WTW Risk Management Executive, WTW

An effective risk register needs to work for your business, your culture and what you’re trying to achieve. It could be a document, a spreadsheet or an interactive tool providing dashboards and alerts. Regardless of form, your register needs to be a single source for a holistic picture of risk and be regularly updated by the owners of individual risks, typically at least quarterly.

Mapping insurance against an ERM risk framework

Your insurance is a core component of your ERM but perhaps the business has had insurance in place before you established the core elements of ERM, such as setting risk appetite and creating the risk register.

You need to put these pieces together. This will allow you to ensure you’re optimising spend on insurance and wider risk mitigation and transfer measures.

Undertaking gap analysis aligned with risk appetite and the risk register should reveal whether you have adequate risk controls or insurance protection and identify where you are duplicating risk mitigation/transfer costs or efforts.

Gap analysis could involve working collaboratively with the various owners of risks on the risk register to answer questions such as: Do you really need to buy insurance, and do you have the data to back this up? Where is insurance the optimum response to a risk, rather than a series of complicated and costly controls?

How to build-in effective risk review

Implementing an ERM approach is not a one-off activity but a way of managing risk that allows you to continually stay on top of shifting risk landscapes. Undertaking regular risk reviews, supported by the information you have captured in your risk register, allows you to answer questions such as: Where are you below your appetite this quarter and where might you discover opportunities in this space? Would pursuing these opportunities represent a major, moderate or minor risk? How has the likelihood and impact of this risk changed in the quarter?

A regular and robust risk review process ensures the risks you have identified, and their impact/likelihood scores remain accurate and relevant, enabling you to apply your risk appetite consistently and respond to any risks carrying increasing threat levels. It also enables you to capture emerging and horizon risks in good time, giving you the breathing space to create and execute a mitigation plan before the risks become unacceptable.

For example, while nanotechnologies can improve food safety and lengthen shelf life, the longer-term health implications might not always be fully understood. Nanotech is a rapidly changing area so both your understanding of the risk posed and the degree to which it can be controlled is likely to change rapidly. A robust risk review process as we’ve described is agile enough to assess these complex issues and give the business both a direction and a transparent rationale for choosing this path.

ERM takes away the personal and the potentially irrational from managing risk. Establishing your framework and risk review processes should both be supported and informed by data.

In an era of rising costs and thinning margins in the food and beverage sector, a structured and tailored ERM framework removes the guesswork and gambling from pursuing growth as new risks and opportunities emerge.

For expert help discovering smarter ways to manage risk in the food and beverage sector, get in touch.


Risk Management Executive,


GB Food and Beverage Leader

Contact us