
ERM Glossary: Enterprise Risk Management


Enterprise Risk Management (ERM) is a term that has multiple meanings. It can refer to a set of business disciplines or to the application of these disciplines in practice. For example:

(a) Lam (2003) defines ERM as follows:

ERM is all about integration in three ways. It requires:

- An integrated risk organization
- The integration of risk transfer strategies
- The integration of risk management into the business processes of a company

(b) Kemp and Patel (2011) define ERM as follows:

A framework, using risk as the core building block, to enable key business decisions to be aligned with inherent risk.

Key differentiators are:

- Considers all risks
- Is applied across the whole business
- Has risk embedded into the decision-making process

Key enablers are:

- Commitment and leadership from the top
- Risk owned by the business
- A supporting risk management function
- Effective communication to all stakeholders of how risk is managed
It might also be defined as a holistic risk management process that considers the risks of the enterprise as a whole rather than considering individual risks and business units in isolation.


Usually Enterprise Risk Management aspires to focus on both downside risk and upside risk/opportunity. However, in practice, centralised risk functions within firms may be expected to focus more on mitigating downside risk (e.g. acting as a ‘second line of defence’) if this aids clarity of roles and responsibilities.
