We are independent & ad-supported. We may earn a commission for purchases made through our links.
Advertiser Disclosure
Our website is an independent, advertising-supported platform. We provide our content free of charge to our readers, and to keep it that way, we rely on revenue generated through advertisements and affiliate partnerships. This means that when you click on certain links on our site and make a purchase, we may earn a commission. Learn more.
How We Make Money
We sustain our operations through affiliate commissions and advertising. If you click on an affiliate link and make a purchase, we may receive a commission from the merchant at no additional cost to you. We also display advertisements on our website, which help generate revenue to support our work and keep our content free for readers. Our editorial team operates independently of our advertising and affiliate partnerships to ensure that our content remains unbiased and focused on providing you with the best information and recommendations based on thorough research and honest evaluations. To remain transparent, we’ve provided a list of our current affiliate partners here.
Finance

Our Promise to you

Founded in 2002, our company has been a trusted resource for readers seeking informative and engaging content. Our dedication to quality remains unwavering—and will never change. We follow a strict editorial policy, ensuring that our content is authored by highly qualified professionals and edited by subject matter experts. This guarantees that everything we publish is objective, accurate, and trustworthy.

Over the years, we've refined our approach to cover a wide range of topics, providing readers with reliable and practical advice to enhance their knowledge and skills. That's why millions of readers turn to us each year. Join us in celebrating the joy of learning, guided by standards you can trust.

What is Enterprise Risk Management?

By Sherri Anderson
Updated: May 17, 2024
Views: 9,624
Share

Enterprise risk management, also called ERM, is a concept which has a rather simple definition and a much more complex implementation. It is a business financial term which describes the methods of risk management — identifying risks and opportunites — within a company. This concept is broad and can be quite complex for large companies. Prior to the Sarbanes-Oxley Act in the United States and later the International Standard for Risk Management (ISO 31000), enterprise risk management was largely optional and though many businesses employed strategies to manage risks, the guidelines were much more vague. Aspects of enterprise risk management can include identifying business goals and creating a strategic plan to reach them; assessing how likely it is the plan, or parts of the plan, will succeed; and creating a response and progress assessment plan.

Strategic planning can be defined as the formulation and implementation of an organization-wide plan, which enables those within it to make decisions that focus solely on achieving the objectives set forth by the organization. In business, risks typically must be taken to help reach maximum achievement of the goals set forth by the business. Enterprise risk management is how businesses and organizations manage these risks. Part of taking a risk on an opportunity is knowing that it may not pay off; all of the invested time, money, and resources could be lost. The Sarbanes-Oxley Act, for example, puts auditing laws in place so companies can keep in mind what an acceptable level of risk is. The goal of the auditing laws is to protect stakeholders and to help ensure that corruption within an organization could be stopped before causing irreparable harm.

Some examples of common types of risks a business may face include credit, insurance, legal, accounting, auditing, quality, and other types of risks. The Sarbanes-Oxley Act requires U.S. companies to have an enterprise risk management system in place, and thus a number a frameworks were created. The two main frameworks in the United States were put together by the Casualty Actuarial Society (CAS) and the Committee of Sponsoring Organizations (COSO). The COSO's framework is more commonly adopted. It states that enterprise risk management is a process of internal controls that must be shared by the entire company and that the people within the company must know its acceptable risk level. The outline of the CAS is more focused upon the management of risk such that the company's value is increased for its stakeholders. Through many averse events occurring within the business world, legislators and business people alike have come to realize that an enterprise risk management system that includes all departments of an organization is the best way to protect stakeholders and thus protect themselves.

Share
WiseGeek is dedicated to providing accurate and trustworthy information. We carefully select reputable sources and employ a rigorous fact-checking process to maintain the highest standards. To learn more about our commitment to accuracy, read our editorial process.

Editors' Picks

Discussion Comments
Share
https://www.wisegeek.net/what-is-enterprise-risk-management.htm
Copy this link
WiseGeek, in your inbox

Our latest articles, guides, and more, delivered daily.

WiseGeek, in your inbox

Our latest articles, guides, and more, delivered daily.