Enterprise risk management (ERM) in business includes the methods and processes used by organisations to manage risks and opportunities related to the achievement of their objectives. ERM provides a framework for risk management, which typically involves identifying particular events or circumstances relevant to the organisation’s objectives, assessing them in terms of likelihood and magnitude of impact, determining a response strategy, and monitoring progress. By identifying and proactively addressing risks and opportunities, businesses protect and create value for their stakeholders, including owners, workers, customers, and other interested parties.
Defining Risk and ERM
Businesses are challenged by events that affect the execution of their strategies and achievement of their objectives. These events can have a negative impact (risks), a positive impact (opportunities), or a mix of both risk and opportunity. In the 2004 publication Enterprise Risk Management—Integrated Framework: Executive Summary Framework, the Committee of Sponsoring Organisations of the Treadway Commission (COSO) stated that ERM is:
- A process, ongoing and flowing through an entity
- Effected by people at every level of an organisation
- Applied in strategy setting
- Applied across the enterprise, at every level and unit, and includes taking an entity-level portfolio view of risk
- Designed to identify potential events that, if they occur, will affect the entity and to manage risk within its risk appetite
- Able to provide reasonable assurance to an entity’s management and board of directors
- Geared to achievement of objectives in one or more separate but overlapping categories
examples include risks related to strategy, political circumstances, economic situations, regulatory, and global market conditions; also could include reputation risk to the business, leadership risk, brand risk, and changing customer needs and expectations.
risks related to the organisation’s human resources, business processes, technology, business continuity, channel effectiveness, customer satisfaction, work health and safety, environment, product/service failure, efficiency, capacity, and change integration.
includes risks from volatility in foreign currencies, interest rates, and commodities; also could include credit risk, liquidity risk, and market risk.
risks that are insurable, such as natural disasters; various insurable liabilities; impairment of physical assets; terrorism.
At Curran Risk Management we are committed to ERM and as such have a focus on encouraging organisations to integrate their management systems (Quality, Safety, Environmental, Asset Management, Information Security, etc.). ISO Standards now place a requirement on organisations to identify the risks and opportunities directly related to the products and services they offer.