Enterprise risk management

Enterprise risk management is a methodology that looks at risk management strategically from the perspective of the entire firm or organization. It is a top-down strategy that aims to identify, assess, and prepare for potential losses, dangers, hazards, and other potentials for harm that may interfere with an organization's operations and objectives and/or lead to losses.

KEY TAKEAWAYS
- Enterprise risk management (ERM) is a firm-wide strategy to identify and prepare for hazards with a company's finances, operations, and objectives.
- ERM allows managers to shape the firm's overall risk position by mandating certain business segments engage with or disengage from particular activities.
- Traditional risk management, which leaves decision-making in the hands of division heads, can lead to siloed evaluations that do not account for other divisions.
- The COSO framework for enterprise risk management identifies eight core components of developing ERM practices.
- Successful ERM strategies can mitigate operational, financial, security, compliance, legal, and many other types of risks.

Understanding Enterprise Risk Management
Enterprise risk management takes a holistic approach and calls for management-level decision-making that may not necessarily make sense for an individual business unit or segment. Thus, instead of each business unit being responsible for its own risk management, firm-wide surveillance is given precedence.

It also often involves making the risk plan of action available to all stakeholders as part of an annual report. Industries as varied as aviation, construction, public health, international development, energy, finance, and insurance all have shifted to utilize ERM.