CHAPTER 2: ENTERPRISE RISK MANAGEMENT (ERM) FRAMEWORKS
In the last chapter we saw how to identify, assess and report risks at the strategic level. This sets the overall risk context and framework for an organisation. However, if we then try to identify all of the risks at a day to day or operational/tactical level, without reference to this context, there is a danger that:
• the strategic risks may be forgotten or missed, leading to gaps in risk coverage.
• we will be reviewing and mitigating risks that are not significant to the organisation as a whole.
We therefore need a mechanism to connect and synchronise the strategic and operational/tactical risks and controls. This mechanism is often referred to as ERM, or Enterprise Risk ...