Let’s be honest for a second. When you hear the words “Enterprise Risk Management,” what comes to mind? Probably a thick binder of procedures, endless compliance checklists, and maybe a few meetings that could have been an email. It often gets a reputation for being the department of "no."
But what if we looked at it differently? What if ERM wasn't just about preventing bad things from happening, but about creating the stability and confidence to make great things happen?
That’s the story playing out right now, and RIMS—the risk management society—just put a spotlight on two organizations that are absolutely nailing it. They recently handed out their 2025 Global ERM Award of Distinction, and the winners give us a fascinating look at how to turn risk management from a chore into a competitive advantage.
So, let's pop the hood and see what world-class risk management actually looks like.
And the Winners Are…
The two organizations taking home the hardware this year are The Port Authority of New York and New Jersey and SOCAR Türkiye.
These aren't small-time players. We're talking about a massive US transportation authority and a major regional energy company. They operate in completely different worlds, but they both figured out the secret sauce to making ERM a core part of their success.
As RIMS CEO Gary LaBranche put it, these two have shown some serious innovation that’s delivering "compelling results." And that’s what this is all about, right? Getting real, measurable results.
The award isn’t just a popularity contest. It’s judged by the RIMS Strategic and Enterprise Risk Management Council, and they look for programs that are innovative, strategically aligned with the business, and built to last.
So, how did our two winners do it? Here’s where it gets really interesting, because they took completely different paths to get to the top.
The Port Authority: Taming a Beast of Complexity
First up, let’s talk about The Port Authority of New York and New Jersey.
Think about the sheer scale of what they manage. We’re talking about a sprawling network of airports, seaports, tunnels, bridges, and rail lines that form the circulatory system of one of the world's biggest metropolitan areas. The number of things that could go wrong on any given day is just staggering.
Their challenge wasn't just managing risk; it was managing a universe of interconnected risks.
So, what did they do? They built a system that directly ties risk management to their overall strategy. They didn’t just create a risk register and call it a day. They developed what they call an "emerging risk framework."
Think of it like a sophisticated weather radar for the entire organization. It systematically scans for and prioritizes potential storms, whether they’re brewing inside the company (like operational issues) or far out on the horizon (like geopolitical shifts or new technologies).
By blending the hard numbers (quantitative analysis) with human insights (qualitative analysis and talking to stakeholders), they’ve made ERM a central hub for decision-making. It’s no longer a siloed function; it’s the glue that helps ensure everyone is aligned and the entire organization is built for long-term resilience. It's a masterclass in managing complexity.
SOCAR Türkiye: Making Risk Everyone's Business
Now, let's hop over to SOCAR Türkiye, a major player in the energy world dealing with refining, petrochemicals, and natural gas. They took a completely different, but equally brilliant, approach.
Their secret? They focused on culture.
Instead of treating risk management as a set of rules to be followed, they worked to embed risk-based thinking into the very DNA of the company. For them, resilience isn't a compliance box to tick—it's a competitive edge. It's what allows them to be agile and confident in a volatile industry.
To track their progress, they used the RIMS Risk Maturity Model as a sort of fitness tracker for their program. And the results speak for themselves. They saw huge improvements across the board—in governance, compliance, agility, and, most importantly, culture.
This has been so successful that SOCAR Türkiye is now seen as a leader in the region. Their model is being copied across the entire global SOCAR enterprise, and their ERM team is even co-leading the redesign of risk policies for all of the company's international subsidiaries. That’s what happens when you get it right—people want to know how you did it.
The Big Takeaway: It’s All About Strategic Value
So, what’s the common thread here?
Both The Port Authority and SOCAR Türkiye prove that a mature ERM program delivers value far beyond just keeping you out of trouble.
The Port Authority wove risk considerations directly into their strategic planning process. SOCAR Türkiye took it a step further and integrated risk-based thinking into their financial projections and budgeting.
In both cases, risk management earned a seat at the main table. It became a strategic partner that helps the business see around corners, seize opportunities, and build a stronger, more durable organization.
It’s a powerful reminder for all of us in the industry. The goal isn't just to manage risk. The goal is to build an organization that thrives because of how it thinks about risk. And these two winners have given us a fantastic blueprint for how to get there.
