What you risk reveals what you value.
Jeanette Winterson, English author and journalist
When the word framework is invoked, I become wary of what I am about to hear. It is a word that is adored by consultants. It is often accompanied by a visually appealing and complex chart with lots of boxes and arrows, or sometimes overlapping bubbles, which offers a feeling of reassurance and comfort when viewed up on an office wall. Unfortunately, these charts usually do not lead to anything actionable, or sometimes even discernable. I have seen many such framework charts on ERM. In sharp contrast, in this chapter, we will define the ERM framework in a specific, meaningful, and practical way. Our accompanying chart will facilitate our discussions, and will also be useful for ERM discussions within your organization, particularly with senior executives and the board.
In Chapter 2, we defined the ERM process cycle as having four steps which are repeated periodically—risk identification, risk quantification, risk decision making, and risk messaging. Equally important are two additional elements in an ERM program: ERM framework and risk governance. Consider each of these as ERM infrastructure or structural overlays within which the ERM process cycle operates. The ERM framework provides the functional structure and risk governance provides the hierarchical structure. Think of ERM framework as the “what (activities), how (they interact), and why (they are performed),” and ...