Enterprise Risk Management (ERM) Definition & Meaning
Enterprise risk management (ERM) is an ongoing business process that assesses, identifies, and plans for risks to an organization’s financial and operational health while also targeting market opportunities. Often part of an organization’s Governance, Risk and Compliance (GRC) strategy, risks can broadly include internal concerns such as company culture as well as external factors, such as data privacy regulations like GDPR and CCPA, disasters, a pandemic or cybersecurity attack.
A proactive business strategy that is employed across most business sectors, ERM takes a holistic approach to evaluating and managing risk across an entire organization and provides a structured process for management of those risks. In addition to warding off potential threats, ERM can also provide competitive advantages.
Objectives of Enterprise Risk Management
ERM is aimed at meeting organizational objectives rather than solely detailing potential problems. It is the implementation of a series of actions and activities that guide how an organization will assess and control risks.
Risk managers employ a combination of policies, practices and procedures to create frameworks for risk management, beginning with three key steps:
- Establishing risk governance steered by a board of directors that ensures decisions are made in line with an organization’s goals and strategies, a team of senior managers focused on risk management with Board oversight, and an independent risk management team that is responsible for the execution of business plans that are in line with the organization’s risk management framework
- Evaluation of the level of risk an organization is prepared to accept before action needs to be taken
- Implementation of risk management techniques that measure risks across products and businesses and that ensure compliance with an organization’s policies and guidelines
Enterprise Risk Management Frameworks
Over the past few years several ERM frameworks have emerged with each providing varied approaches to identifying, analyzing, and managing enterprise risk. Here are three of the most popular ERM frameworks:
- COSO (The Committee of Sponsoring Organizations). Established in 1985, COSO is a joint initiative between five U.S. associations — the American Accounting Association (AAA), the American Institute of Certified Public Accountants (AICPA), Financial Executives International (FEI), The Institute of Internal Auditors (IIA), and the Institute of Management Accountants (IMA) — to fight corporate fraud. COSO’s goal is to provide thought leadership dealing with three interrelated subjects: enterprise risk management, internal control, and fraud deterrence. The COSO ERM framework has five components:
- Governance and culture
- Strategy and objectives
- Review and revision
- Information, communication and reporting
- ISO 31000 is a group of risk management standards established by The International Organization for Standardization. As a set of guidelines, ISO 31000 provides principles, a framework, and a process for managing risk, with the objective of improving the identification of opportunities and threats and best practices for allocating and using resources for risk management.
- The Casualty Actuary Society’s (CAS) Enterprise Risk Management Committee set out to define ERM in 2003 with a two-pronged approach to conceptualizing a framework: defining risk type followed by a risk management process that identifies, analyzes, integrates, and prioritizes risks before implementing risk management strategies alongside ongoing monitoring and reviewing of the process to identify what works and what doesn’t.
Stay up to date on the latest developments in Internet terminology with a free newsletter from Webopedia. Join to subscribe now.
From A3 to ZZZ we list 1,559 text message and online chat abbreviations to help you translate and understand today's texting lingo. Includes Top... Read More »Huge List of Computer Certifications
Have you heard about a computer certification program but can't figure out if it's right for you? Use this handy list to help you decide. Read More »
Computer architecture provides an introduction to system design basics for most computer science students. Read More »Network Fundamentals Study Guide
Networking fundamentals teaches the building blocks of modern network design. Learn different types of networks, concepts, architecture and... Read More »The Five Generations of Computers
Learn about each of the five generations of computers and major technology developments that have led to the computing devices that we use... Read More »