INTRODUCTION

One of the key building blocks of enterprise risk management (ERM) is the preparation and sharing of a corporate risk profile.¹ One might even go so far as to state that where there is no corporate risk profile there is no ERM. How a profile is prepared, how frequently it is prepared, and with whom it is shared are all subject to different treatments in each organization. However, a good guiding principle to follow is to keep it simple. Tools and methodologies should follow suit and not become overly bureaucratic or complex.

This chapter will provide guidance in preparing and communicating a risk profile to management and boards. The following descriptions of alternative methods will help students of ERM to understand how and why profiles assist management and boards in their decision making, and how these may be done most effectively in varying situations.

The chapter first provides background information on the definition, purpose, and use of risk profiles. The second part of the chapter describes how to collect the necessary information and prepare the risk profile, including the kinds of information that might be considered for inclusion in the document.

DEFINITION AND USES OF A CORPORATE RISK PROFILE

A corporate risk profile is a periodic documentation of the key sources ...