Turning Crisis into Opportunity: Building an ERM Program at General Motors


Assistant Director, Enterprise Risk Management, GM


General Auditor, GM

This case study chronicles the ground-up implementation of enterprise risk management (ERM) at General Motors Company (GM), starting in 2010 through the first four years of implementation. Discussion topics include lessons learned during implementation and some of the unique approaches, tools, and techniques that GM has employed. Examples of senior management reporting are also included.

I think risk management is an element of all good executive management teams and boards. It will ensure viability in downturns and high-risk periods. I think if that is done not only within the automotive industry, but on a global and specifically on a national scale, economies will be in better shape because it is additive.

If everybody is doing their job in assessing and understanding risk, the ultimate outcome will be much more positive for our national economy and society, and it is incumbent that corporate leadership understands that responsibility.

– Daniel F. Akerson, Chairman and Chief Executive Officer, General Motors, October 2012


The enterprise risk management (ERM) program at General Motors was founded in late 2010 at the direction of GM's then newly appointed chief executive officer (CEO), Daniel F. Akerson, who sought to leverage the program as another means to achieve a competitive advantage in the industry. Having gone through bankruptcy in 2009 as a new board member, Akerson felt that a more robust risk management program would help guide the organization around the drivers of killer risks[1] going forward. His goal was to help the company ensure that it was prepared, agile, and fast to respond in an ever-changing world. Perhaps most importantly, Akerson wanted an ERM program that would focus not only on risks but on opportunities as well.

A chief risk officer (CRO) was selected and appointed from within, and the Finance and Risk Policy Committee of the board of directors was chartered to oversee risk management as well as financial strategies and policies. In support of the program, a senior manager and director joined the team. Risk officers were also identified and aligned to all direct reports of the CEO; this helped to ensure that all aspects of the business were covered. The CEO is the ultimate chief risk officer, and his direct reports are the ultimate risk owners. Members of the risk officer team were carefully selected by senior leadership based on their strong business experience, financial acumen, and most of all their ability to lead in the identification and discussion of risk in an objective and transparent manner. These representatives were expected to actively participate in the evolving ERM program while still handling their existing responsibilities.

In 2011, the general auditor and CRO roles were combined, and in support of this change, the Audit Committee assumed oversight of risk management. The Finance and Risk Policy Committee continued its focus on financial policy and decision making.

  • [1] Killer risks are those that would have a major effect on the short- or long-term profitability of the enterprise.
