What is Enterprise Risk Management (ERM)?
ERM is a relatively new concept, and there is a robust discussion among experts about what it really means. Common ERM elements in most definitions include:
- Follows a Governance, Risk, and Compliance (GRC) approach to business.
- Is applied in strategy and tactical settings.
- Is a top-down approach to business system management and execution.
- Is designed to identify potential events and risks that can impact the organization.
- Is a management system that can be architected, designed, deployed, managed, and assured.
- Is a management system that can be applied at various organizational levels, including:
- Is based on the risk appetite and tolerance of the organization.
- Is focused on the achievement of business objectives.
- Provides reasonable assurance on the achievement of business objectives.
- Is a risk management process that has inputs, involves a consistent process and has outputs.
- Is managed by people at every level of an organization, including the supply chain.
Lesson Learned: ERM is the end state of the RBT journey.
[ed. Be sure to check out Greg's book on enterprise risk management as well.]