CHAPTER 7The ERM Framework


In managing something as complex as a large corporation, or even a single function within such an organization (including ERM), it's easy to miss the forest for the trees. That is, one can quickly lose track of the big picture by getting caught up in the details. At the other end of the spectrum, too broad a view can lead one to overlook something important. In order to establish a structured approach, businesses have been implementing management frameworks that encapsulate the big ideas of a complex topic while breaking them down into discrete components. Early frameworks, such as the BCG Matrix (1968) and Porter's Five Forces (1979), focused on competitive analysis and strategy formation. Others, notably the Balanced Scorecard developed in 1987, focused on performance management and reporting. However, none of these frameworks directly address risk.

In this chapter, we'll begin by examining the nature and usage of frameworks in general. We'll next consider why organizations need a workable ERM framework that can coexist alongside (or within) these broader frameworks. Then we'll establish criteria to evaluate the usefulness of an ERM framework. I'll also offer my own take on an ERM framework that I think many companies can adapt for their own use.


I hope the previous chapters have made it clear why ERM is so important in today's business climate, but why do we need an ERM framework? Why can't current management ...

Get Implementing Enterprise Risk Management now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.