Construction Exec’s Guide to Building an Enterprise Risk Management Team


Your organization’s future depends on the enterprise risk management system you put in place and the team you choose to run it.

That’s a lot of pressure.

As you plot a course for success in a competitive, contentious, and volatile industry, let’s break down what you need to consider when building your ERM team.

What is Enterprise Risk Management (ERM)?

Enterprise risk management (ERM) is a strategic approach to systematically identify, assess, monitor, and control how risk affects every aspect of your organization.

Risk is inevitable in business, and the construction industry is one of the world’s most dangerous, high-risk industries.

Managing the inevitable risks that affect your business is essential to meeting your corporate goals. An effective ERM system can 

  1. Identify and manage the impact of acceptable risk, 
  2. Limit your exposure to unnecessary risk, and 
  3. Mitigate the effects of unforeseen events to prevent the organization’s failure.

Why is ERM Important in the Construction Industry?

Construction firms can benefit from ERM due to the industry’s complex and often risky nature.

Slim margins, tight deadlines, an unreliable supply chain, inequitable contract terms, mid-project design changes, managing multiple stakeholders up and down the value chain, and employee safety on dangerous job sites are all part of the job for contracting firms.

Risks are so common that contractors become unemotional and even complacent about the dangers they face daily.


Changing market conditions have only fueled the fire.

Skilled labor is scarce, the economy is uncertain, owners are more educated, and competition is more robust. As a result, some contractors are pushing hard, increasing their risk exposure and lowering prices.

A long list of companies has gone bankrupt and failed by following this strategy. 

Enterprise Risk Management, not Project Risk Management

Your construction firm depends on its projects to generate the revenue that sustains the business.

Because of this, the natural inclination is to emphasize risk management at the project level (PRM), believing that the firm will do well if each project goes well.

Unfortunately, this assumption is false.

Generally, project managers only care about the current projects they are involved in, not the risks associated with other projects. And they certainly can’t objectively assess future projects on top of their everyday stress and responsibilities.

This discoordination at the firm level causes inefficiencies and a ‘leaky bucket syndrome’ where the firm loses money in bits and pieces across its operations.

These small losses add up and result in cost overruns across the enterprise and eventually decrease shareholder value.

For maximum effectiveness, your ERM system should include strategic risk assessment at the project and business enterprise levels.

Who is responsible for enterprise risk management?

Not who, but how many?

The number of people accountable for your enterprise risk management system depends on your organizational structure.  But in general, your enterprise risk management team should represent everyone in the organization.


Your ERM team may include ten to fifteen members or be a small committee of five to six people. What matters is equal representation of the following roles and disciplines for maximum risk management effectiveness.

Board of Directors

Your board of directors provides corporate and regulatory oversight, so at least one board member should serve on your risk management team.

And if your firm doesn’t have a board of directors, solicit an outside advisor to join your effort. The outside perspective allows you to view your organization from a different angle.

Chief executive officer (CEO)

Your risk appetite got you here, so you should be involved. Just remember that you want what’s best for the organization. Trust the professionals closest to work and take their good counsel to heart.

Chief operating officer

Your COO is closer to the daily operations, which can be both a blessing and a curse. Their insights are enormously valuable, but their current responsibilities and struggles can sometimes cloud their judgment. Therefore, it’s essential to measure the COO’s input alongside the advice of the other specialists on your ERM team.

Chief strategy officer

Your ERM team should include a chief strategy officer or someone representing your strategic business goals, innovation, or research. Their input helps balance corporate risk management against the organization’s strategic business goals.

Chief risk officer (CRO)

The CRO leads the ERM team. CROs generally have a broad range of experience but typically have a deep knowledge of financial, legal, or statistical analysis. Their decision-making skills can make or break your ERM strategy, so choose the person for this role wisely.


Chief financial officer and chief audit officer

Fiduciary representation may be one person, two people, or an entire team. But, again, the size and revenue of your organization will determine the value at stake and the number of members needed to make wise, well-informed decisions.

Your general counsel provides much-needed oversight, support, and guidance in all legal, regulatory, and liability matters. Therefore, legal counsel representation is an absolute must for your ERM committee to be effective.

Chief human resource officer

CHROs are responsible for managing and minimizing employee-related risks. Your HR executive works closely with the chief safety officer and the internal teams responsible for recruiting, training, and protecting your most valuable resource.

Chief safety officer

Your chief safety officer (CSO) creates and implements the policies and procedures that minimize job site risk and protect your employees, subcontractors, and the suppliers that visit your job sites. Their input is crucial to your overall corporate risk management strategy. 

Chief compliance officer

The CCO’s importance cannot be overstated.

Chief compliance officers are vital management team members and play a critical role in the ERM system. The CCO ensures the organization abides by all applicable laws, regulatory requirements, policies, and procedures.

In this 2021 report, Gartner asserts that “CCOs have never been more important to corporate success.” 


Gartner also recommends that chief compliance officers shift their perspective to match the organization’s needs by following these four models, depending on the context.

  1. Strategic business advisor
  2. Culture and ethics steward
  3. Technology and analytics champion
  4. Forger of aligned assurances

Chief sustainability officer

Sustainability is the crisis of our generation. 

The construction industry is a significant participant in this crisis and has a unique perspective on the challenges, risks, and opportunities.

Chief sustainability officers work with senior management, procurement, resource managers, subcontractors, suppliers, shareholders, and employees. 

Their mission is to develop and implement policies to conserve energy, eliminate waste, and decrease the scope of the firm’s environmental impact wherever possible.

Information, privacy, security, and communication officers

The following positions manage data, information, communications, corporate reputation, and cybersecurity. 

  • Chief information officer
  • Chief communications officer
  • Chief digital officer
  • Chief privacy officer

The variety of software programs, apps, and internal and external data networks that construction companies rely on create a wide variety of business opportunities. But these systems can also present significant risks. 

Networks and other data technologies are vulnerable to cybersecurity threats, information leaks, and other risks.

Stakeholder and marketing communications are susceptible to misinterpretation and can harm the company’s value and reputation.

Your internal risk management team needs to include data, technology, communication, and marketing professionals who can identify and manage risks that endanger your organization.

Estimators, project managers, supervisors, and frontline employees

One of the most significant barriers to effective risk management is company culture.

Employees often fall into group thinking. And if there are no risk-aware leaders in the field, your crew members are unlikely to identify risks, voice concerns, or report risks on their own.

Even employees aware of risks will hesitate to report bad news for fear of reprisal from superiors or management.

Creating a risk-aware culture requires a clear commitment from the board and senior management and involves all the stakeholders within an organization–including front-line workers.


The benefits of enterprise risk management in construction

The primary goal of ERM in construction is to manage risk effectively while allowing your company to pursue opportunities that will accelerate its growth into the future.

An effective ERM program will allow you to

1) Identify risks before they become problems;

2) Determine appropriate responses;

3) Communicate effectively throughout your organization; 

4) Monitor and mitigate risks effectively;

5) Focus on core competencies;

6) Assign appropriate resources to manage risks effectively;

7) Improve decision-making by evaluating risks proactively instead of reacting after a problem has occurred, and

8) Improve your firm’s overall performance by identifying opportunities for improvement before they turn into problems.

Enterprise risk management can limit and control the risk of failure in this industry, and the members you choose for your ERM team are instrumental to the success of your program.

An enterprise risk management platform built for construction

Get a free, custom demonstration of the Linarc collaborative enterprise management system today.

Linarc is a cloud-based enterprise management system built solely for collaborative, data-driven construction management.

  • Seamless collaboration
  • Easy file sharing
  • Common communication platform 
  • Real-time updates on project progress
  • …and so much more

Connect with a Linarc representative and see what the power of software technology can do to improve the management of your enterprise.

Connect – Build – Thrive with Linarc construction management software.