ERM Glossary: Enterprise Risk Management


Enterprise Risk Management (ERM) is a term that has multiple meanings. It can refer to a set of business disciplines or to the application of these disciplines in practice. For example:


(a) Lam (2003) defines ERM as follows:


ERM is all about integration in three ways. It requires:


- An integrated risk organization

- The integration of risk transfer strategies

- The integration of risk management into the business processes of a company


(b) Kemp and Patel (2011) define ERM as follows:


A framework, using risk as the core building block, to enable key business decisions to be aligned with inherent risk.


Key differentiators are:

- Considers all risks

- Is applied across the whole business

- Has risk embedded into the decision-making process


Key enablers are:

- Commitment and leadership from the top

- Risk owned by the business

- A supporting risk management function

- Effective communication to all stakeholders of how risk is managed


It might also be defined as a holistic risk management process that considers the risks of the enterprise as a whole rather than considering individual risks and business units in isolation.


Usually, Enterprise Risk Management aspires to address both downside risk and upside risk (opportunity). In practice, however, centralised risk functions within firms may be expected to concentrate on mitigating downside risk (e.g. acting as a ‘second line of defence’) where this aids clarity of roles and responsibilities.

