The Future of ERM: 12 Hidden, or Not So Hidden, Threats
# 5 Data Overload Without Insight
Enterprise Risk Management was designed to bring clarity to complexity. Yet in many organizations, it has become a generator of more data than insight. Dashboards, key risk indicators, and detailed reports are everywhere, but they often fail to answer the most important question: so what?
Executives can access an abundance of risk information, but the challenge is not access. It is interpretation. The result is that ERM programs, once meant to simplify and inform, now risk drowning in their own output.
The Problem: When Data Becomes the Destination
ERM has reached a point where success is often measured by the number of key risk indicators tracked, the length of risk registers, or the volume of reports produced. As I have seen across organizations, ERM has shifted from being a function that accelerates and improves decision-making to something that simply “has to be done.” It satisfies a requirement but rarely changes how executives think or act.
When data becomes the destination rather than the means to better decisions, it becomes something filed away for proof rather than used for action. It is like a manual, important to have, but rarely read, referenced, or used to change behavior.
Dashboards and reports are often circulated but seldom influence executive discussion or board decisions. Companies claim their reporting informs leadership dialogue, yet it is rare to hear an executive say, “because of what we learned from this dashboard, we changed our approach to reduce downside risk or capture a new opportunity.” Awareness without action achieves little.
Too often, ERM focuses on what is measurable instead of what is meaningful. Metrics are easy to count, but meaning is harder to capture. Many of the most important indicators of organizational health, whether trust, leadership alignment, culture, or adaptability, are difficult to quantify, so they are excluded. In doing so, ERM can miss the opportunity to help organizations understand what truly matters.
The Illusion of Precision
Data abundance can create a false sense of control. The logic goes that if something can be measured, it can be managed. Yet, like a lucky jersey worn on game day, the comfort is mostly psychological.
Many risk dashboards create the illusion of foresight rather than the substance of it. The colors are perfect, the visuals sophisticated, and the key performance indicators precisely calculated. But the story underneath is often incomplete or outdated. The data tells us what is being tracked, not necessarily what is actually happening.
I have built my share of polished presentations and dashboards for boards and Audit Committees, knowing that the content beneath them was thin. Most ERM professionals have. The pressure to produce something impressive can outweigh the time needed to ensure it is meaningful. Those who admit this behavior risk being labeled disruptors or non-team players. Yet the real disruption comes when executives make decisions with misplaced confidence in data that lacks context or is incomplete.
In many organizations, far more time is spent explaining data than interpreting it. Risk owners can present the same information in multiple ways until it fits a preferred narrative. Confirmation bias, interpretation bias, and the desire to reinforce existing strategies all play a role. The result is the same cycle: ERM presents data, discussions stay surface level, and little changes. Rinse and repeat.
We also confuse being data-driven with being data-dependent. A fitness tracker provides data, but not the full picture. It might capture heart rate and sleep, stress, hydration and diet, but not context. It might record a heart rate spike as “bad stress” rather than exercise or actively sitting in a sauna. ERM operates the same way when it relies solely on structured data. Without verification, bias testing, and context, even accurate data can mislead.
The same applies to other decisions we make in life. We can read reviews before a trip or rely on online ratings, but how do we know the information is complete or unbiased? The lesson for ERM is that data-driven decisions require more than numbers. They require validation, balance, and common sense.
The Human Element
The strength of ERM is not in data collection but in interpretation. Risk professionals are part analyst, part facilitator, and part psychologist. They must understand numbers, but also people.
Human behavior, context, and mood all affect how information is received and acted upon. A difficult morning can color how someone interprets a risk discussion in the afternoon. Bias is not limited to data; it lives in people.
The ability to translate data into narratives executives can act on depends on both the risk owner and the ERM professional. Data alone rarely tells a story. The facts must be interpreted, prioritized, and communicated with clarity and purpose. Some professionals can analyze but not explain. Others can explain but not connect the dots to strategy. The best can do both.
Data should not silence experience or intuition. The best risk discussions integrate quantitative information with qualitative judgment. Too often, ERM silences creative or contrarian thinking by pointing to the “hard data.” Yet even hard data can mislead.
Think of the statistic that “nine out of ten dentists recommend” a toothpaste. It sounds clear, but what was actually measured? Was it taste, effectiveness, or marketing familiarity? How many dentists were surveyed, and what questions were asked? In the same way, ERM must challenge how data is gathered, analyzed, and presented. Numbers do not eliminate the need for logic and reasoning; they make those skills more important.
ERM professionals should view themselves as seekers of knowledge and truth. They should question the completeness of data, validate assumptions, and invite diverse perspectives. The goal is not to prove a point but to understand reality.
The Strategic Gap
Data without context rarely changes decisions. Quantitative information alone cannot help executives see the full picture. For ERM to be relevant at the strategic level, it must combine objective data with subjective understanding.
Executives need decision-quality information including facts that are vetted, unbiased, and contextualized. They need both the numbers and the narrative. ERM’s role is to filter, validate, and interpret the data so that leadership can make choices that optimize both risk and opportunity.
Today, many dashboards are disconnected from strategy. They exist as standalone exercises rather than integrated tools that shape strategic priorities. ERM professionals may read analyst reports and annual filings, but few are invited into strategy formation. The same disconnect exists for risk owners, who understand their operational exposure but not necessarily how it fits into the broader business objectives.
When risk metrics fail to influence strategy, they become background noise. They are part of the meeting, but not part of the decision.
The Path Forward: Turning Data into Insight
Decision-quality data for ERM combines quantitative accuracy with qualitative context. It is vetted, timely, and relevant to strategic goals. It requires faster iteration and the discipline to focus on what matters most.
ERM must move beyond aggregation to interpretation. Data should be filtered, prioritized, and challenged. The role of ERM is not to tell executives what they want to hear but to provide what they need to know. The function must care more about what is right for the organization than what is convenient for any one person or department.
ERM also needs to move from reporting to storytelling. Storytelling with data is not embellishment; it is clarity. It means using facts to reveal meaning and implications. It turns information into understanding.
The conversation between ERM and business leaders should be supported by data but not dominated by it. The best discussions happen when data informs human judgment, not replaces it. ERM professionals have the unique advantage of being neutral. They are not the owners of risk, nor are they rewarded or punished for taking or avoiding it. That neutrality is what allows ERM to be objective, fair, and trusted.
The future of ERM will not be defined by how much data it produces, but by how effectively it helps organizations think. The goal is not more information, but better insight.
Let’s discuss how to keep your risk program moving forward without missing a beat.
Click here to schedule a Discovery Session or use the Discovery Session button on my website.