Overview of Enterprise Risk Management


Enterprise risk management (ERM) includes the methods and processes used by organizations to minimize surprises and seize opportunities related to the achievement of their objectives.

ERM is an approach to aligning strategy, process, and knowledge in order to curtail surprises and losses as well as to capitalize on business opportunities. Many individuals associate risk with negative outcomes. However, there is a potential value component to risk assessment and management. Risk management is about balancing risk and reward. A well-designed risk management program encourages and allows an organization to take intelligent risks. It involves assessing quantitative factors and information as well as considering management experience and judgment. An effective risk management program entails balancing people and processes. Ultimately, an entity’s risk profile is affected by the actions and decisions of its board of directors, management, and employees.

One cannot talk about risk management without discussing risk assessment. The vast majority of organizations conduct some type of informal risk assessment process. As a result, these organizations have some form of risk management plan. This plan, in most cases, is not documented.

Initial introduction of formal risk assessment and risk management within an organization is critical to the ultimate success of the initiative. An entity must consider its culture and develop ...

Get Enterprise Risk Management Best Practices: From Assessment to Ongoing Compliance now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.