Enterprise Risk Management

Susan Kelly Updated on Jul 28, 2022

Enterprise risk management (ERM) is a strategy that considers risk management from the viewpoint of an entire company or organization. It's a top-down strategy that seeks to identify, assess and prepare for possible losses, dangers, and hazards that could harm an organization's objectives or cause losses.

ERM is a holistic approach that requires management-level decision-making, and those decisions may not make sense for a particular business unit or segment. Instead of each business unit being responsible for its own risk management, firm-wide surveillance takes precedence. If a bank's risk manager notices that two trading rooms are located in the same bank area, they might force the less important one to be removed. This decision is made for the whole firm, not just one trading desk.


As with other forms of risk management, ERM requires corporations to identify all the risks they face and decide which to manage actively. It also allows managers to make decisions that may not be in the best interest of a particular segment but are best for the company as a whole. ERM takes this firm-wide view because risks can be isolated in business units that don't see the larger risk picture or fail to recognize it.

This often means that the annual report will include the risk plan of action. Industries such as insurance, construction, public healthcare, international development, and energy have all shifted to ERM. Companies have managed risk for a long time. Traditional risk management relied on each business unit managing its own risk and reporting to the CEO later. Companies are beginning to realize the importance of a holistic approach.

For example, a chief risk officer (CRO) is an executive position in a corporation that is necessary from an ERM perspective. The CRO is responsible for ensuring compliance with all government regulations. The CRO also reviews any factors that could affect investments or the company's business units, and defines the role's mandate with the other top managers, board members, and other stakeholders. Although ERM standards and best practices are still in flux, they have been established by COSO, an industry group that provides guidance to companies and ERM professionals.

Holistic Approach to Risk Management

Modern businesses are exposed to a variety of potential risks and dangers. In the past, companies managed their risk exposures through each business division. Many large companies deal with growth by giving more responsibility to the heads of their business units, while the CEO and other top managers are not involved in daily operations. This can cause inefficiency, misrecognition, or amplification of risk as companies expand and acquire multiple business segments or divisions. Each division becomes its own "silo" in this scenario.

Siloed divisions don't see how other divisions are exposed to risk, how they interact with other units, or how the different exposures within them interact. While a division manager might recognize a potential risk, they may not be able to see the importance of that risk to other aspects of the business. ERM views each business unit within the firm as a "portfolio." It attempts to understand how the risks of individual business units interact and overlap. ERM can also identify risk factors that individual units may not see.

ERM can help to reduce firm-wide risk and identify unique opportunities. To be effective, ERM requires communication and coordination between business units. Top management might make a risk decision incompatible with local assessments. Firms that use ERM often have an enterprise risk management team to oversee the company's operations.

Why Enterprise Risk Management Technologies Are Vital For The Success Of A Firm

No matter what you want to accomplish with your company, enterprise risk management can help you get there. Even though every business engages in some risk management, a formal enterprise risk management (ERM) approach establishes procedures and practices that enable you to boost your chances of success in an organized manner. In the absence of risk management, a firm has a significantly increased propensity to make unwise choices, be less prepared, and constantly struggle to accomplish its business objectives.

If there is one thing that has become crystal clear over the previous two years, it is that businesses have no option but to prepare for the unexpected. Companies have been tested by various difficulties, such as inadequate employee protections, supply chain flaws, and financial volatility, highlighting the need for agile, adaptive, and data-driven enterprise risk management (ERM).

For instance, safety is always a concern; yet, once organizations began enforcing work-from-home rules, the need for security took on a new dimension and was refocused. As a result of the unexpected move, many businesses were forced to scramble to convert their on-premises protocols into their off-premises equivalents.