January 11, 2024
What is Enterprise Risk Management?
Enterprise risk management (ERM) is a methodology that looks at risk management strategically from the perspective of the entire firm or organization.
As a top-down strategy it aims to identify, assess, and prepare for potential losses, dangers, hazards, and other potentials for harm that may interfere with an organization’s operations and objectives and/or lead to losses. One of the most popular ERM applications uses the COSO (The Committee of Sponsoring Organizations of the Treadway Commission) framework, which looks at eight components of an organization to develop a strategy:
- Internal environment: assess the culture of the organization and the tone set by management.
- Objective setting: set objectives and align them with the organization’s mission and vision.
- Event identification: identify potential events that could impact the organization.
- Risk assessment: assess the likelihood and impact of identified risks.
- Risk response: develop strategies to manage risks.
- Control activities: develop policies and procedures which, when implemented, will ensure that risk responses are carried out effectively.
- Information and communication: Ensure that relevant information is identified, captured,
- Monitoring: Set up a procedure to review and evaluate the effectiveness of the ERM process.
Successful ERM strategies can mitigate operational, financial, security, compliance, legal, and many other types of risks. Some well-known businesses that use ERM include TD Bank, Coca-Cola, Ford Motor Company and The Walt Disney Company.