ERM Glossary: Enterprise Risk Management
Enterprise Risk Management (ERM) is a term that has multiple
meanings. It can refer to a set of business disciplines or to the application
of these disciplines in practice. For example:
(a) Lam (2003) defines ERM as follows:
“ERM is all about integration in three ways. It requires:
- An integrated risk organization
- The integration of risk transfer strategies
- The integration of risk management into the business processes of a company”
(b) Kemp and Patel (2011) define ERM as follows:
“A framework, using risk as the core building block, to enable key business decisions to be aligned with inherent risk.
Key differentiators are:
- Considers all risks
- Is applied across the whole business
- Has risk embedded into the decision-making process
Key enablers are:
- Commitment and leadership from the top
- Risk owned by the business
- A supporting risk management function
- Effective communication to all stakeholders of how risk is managed”
It might also be defined as a holistic risk management process that considers the risks of the enterprise as a whole rather than considering individual risks and business units in isolation.
Usually Enterprise Risk Management aspires to focus on both downside risk and upside risk/opportunity. However, in practice, centralised risk functions within firms may be expected to focus more on mitigating downside risk (e.g. acting as a ‘second line of defence’) if this aids clarity of roles and responsibilities.