Constitutions should consist only of general provisions; the reason is that they must necessarily be permanent, and that they cannot calculate for the possible change of things.
Risk governance and the ERM framework constitute the two elements of ERM infrastructure. The ERM framework provides the functional structure, which is part of the basic ERM infrastructure and must be in place before implementing the four ERM process cycle steps. Risk governance provides the hierarchical structure, which includes the way in which the ERM roles and responsibilities are divided up among individuals and groups; the organizational structure, including reporting relationships and authorities involved in ERM; and the policy and procedure documents that instruct key elements of the ERM process. Until the company completes one full ERM process cycle, only the most basic risk governance structure is warranted. The way ERM evolves, is adopted, and becomes integrated into a company's key processes differs from company to company. Until it is clear what the ERM activities will actually look like, the comprehensive risk governance structure required to support them cannot easily be determined. Now that we have completed our discussions of the ERM framework and the ERM process cycle, we are ready to discuss risk governance.
Focusing on Common Themes
The risk governance structure must be customized for each organization. There are two reasons for this. First, ...