How often do you survey your organization for new, emerging risks? My company currently does quarterly surveys and I am contemplating dropping it down to 2x/year. Appreciate the insights!

Director of Marketing in IT Services, 23 days ago

Great question! Quarterly surveys can definitely give a strong pulse on emerging risks, but I’ve seen many organizations succeed with twice-a-year assessments as long as they complement them with ongoing monitoring and open communication channels. Reducing the frequency could actually improve response quality and reduce survey fatigue, as long as other feedback loops stay active. Curious to hear what others have found effective!

Director - Enterprise Risk Manager in Insurance (except health), 24 days ago

We have an emerging risks committee that is scheduled to meet quarterly but usually ends up twice per year. The committee maintains an emerging risks inventory that is provided to our ERM committee.

Director of Legal and Compliance, a month ago

We currently do a formal ERM risk assessment annually; however, through business conversations, it's an ongoing risk discussion. As risks emerge, we evaluate impact to the company and adjust our Top/Watch ERM list if necessary.

Chief Cybersecurity Strategist & CISO in Healthcare and Biotech, a month ago

2x ideally, but honestly really once a year, generally around annual assessment time.

Director of Design in Healthcare and Biotech, a month ago

It sort of depends how formal processes are related to taking action on the risks identified. We do one annual comprehensive enterprise risk assessment followed by a semi-annual update. If our process was more formal with clear risk owners, there may be a reason for more frequent updates.
