1.1.1 What Is EROM?

Enterprise risk and opportunity management (EROM) refers to the methods and processes used by organizations to manage risks and seize opportunities related to the achievement of their objectives. It is a means by which organizations identify and implement their strategic goals, objectives, and priorities, subject to imposed constraints, through a process of strategic planning, execution, and performance evaluation.

Quoting from a report by the Committee of Sponsoring Organizations (COSO) of the Treadway Commission (2004), “Enterprise risk management encompasses:

• “Aligning risk appetite and strategy—Management considers the entity's risk appetite in evaluating strategic alternatives, setting related objectives, and developing mechanisms to manage related risks.¹
• “Enhancing risk response decisions—Enterprise risk management provides the rigor to identify and select among alternative risk responses—risk avoidance, reduction, sharing, and acceptance.
• “Reducing operational surprises and losses—Entities gain enhanced capability to identify potential events and establish responses, reducing surprises and associated costs or losses.
• “Identifying and managing multiple and cross-enterprise risks—Every enterprise faces a myriad of risks affecting different parts of the organization, and enterprise ...