But at its worst, ERM could be a choke point, preventing insurers from growing out of fear that the risks involved are always too great and leaving them circling the wagons to defend an unsustainable status quo.

It's fair for an enterprise risk manager to say, “Don't just do something; stand there,” if they have valid concerns about their carrier going too far out on a limb. But they should also recognize that at times they must follow the credo, “Don't just stand there; do something!” By all means make sure the risks involved are transparent and accounted for with contingency planning, but don't allow an obsession with the worst-case scenario to unreasonably hinder growth possibilities.

One way to avoid the dreaded Gloomy Gus syndrome is to make ERM a way of life at an insurance company—part of a carrier's DNA, rather than just a perfunctory checklist everyone must complete to satisfy stakeholders that someone sensible is minding the store.

Ideally, ERM should be “owned” by each department, rather than only being the enterprise risk manager's bailiwick. If everyone is encouraged to think big and take chances while leaving the ERM department as the sole voice of reason, this critical function isn't likely to work efficiently.

Every department head needs to take risk into account—and be accountable for preventing unnecessary risks—when they suggest and implement any new initiative. In this model, an enterprise risk manager is more of an educator, coordinator and facilitator—not just the killjoy putting the kibosh on every new idea.

While most insurance companies have long since adopted some form of ERM, much work remains to be done at many carriers to increase the discipline's breadth, depth and sophistication.

Let's start with the leader of the pack. Those who direct an insurer's ERM program can't do much good if they are not invited to the table until well after the party has already started—or worse, only when it's time to clean up the mess other department leaders have left behind.

That means the head of ERM needs to be involved in key strategic decision-making: from product development to underwriting, distribution to claims, technology enhancements to talent recruitment, advertising to reputational risk. Making ERM the last consideration in any of these areas will likely leave insurers behind the eight-ball at some point.

But if they want to be invited to the table, ERM cannot be seen as just a party pooper. To avoid this perception, ERM leaders would do well to meet their colleagues halfway and create an environment that balances sound risk aversion against the potential payoffs of innovation and the benefits of taking calculated risks.

ERM is on the rise, driven both by forces external (such as new demands from regulators here and abroad, rating agencies, and investment analysts) as well as internal (such as calls by boards of directors for greater accountability and transparency on how risk is identified, quantified and managed).

Many insurers are already doing a better job integrating ERM into their standard operating procedure while spreading ownership of risk into each facet of a carrier's strategic decision-making process. Such work goes beyond the creation of quantitative models, with more emphasis being placed on governance, infrastructure and disclosure.

One way to take ERM to the next level and avoid the “Gloomy Gus” tag is to capitalize on how risk is managed to differentiate an insurer from the competition. In this context, ERM could be a tool for growth. The challenge facing ERM is how to leverage risk to achieve a competitive advantage.

Those in charge of ERM ideally should be an equal partner with their peers across an insurance organization, with everyone committed to both growth and sound risk management. The two goals are not incompatible, even if Gloomy Gus might insist otherwise.