What is enterprise risk management?



COSO defines enterprise risk management as a process, effected by an entity’s board of directors, management and other personnel, applied in strategy-setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.

Why risk management?
Risk Management objective
Risk management process
How to manage risks

Risk management model
Best practice risk model


Risk management approaches
Alternative approaches

Protecting enterprise value
Challenge to protect value


ERM application
The enterprise view


COSO development process
How COSO was born


This definition is broad for a reason. It reflects certain fundamental concepts, each of which is discussed in the COSO ERM framework. As summarized in the framework, “enterprise risk management is:

• A process, ongoing and flowing through an entity

• Effected by people at every level of an organization

• Applied in strategy-setting

• Applied across the enterprise, at every level and unit, and includes taking an entity-level portfolio view of risk

• Designed to identify potential events affecting the entity and manage risk within its risk appetite

• Able to provide reasonable assurance to an entity’s management and board

• Geared to the achievement of objectives in one or more separate but overlapping categories – it is “a means to an end, not an end in itself.”

ERM is about establishing the oversight, control and discipline to drive continuous improvement of an entity’s risk management capabilities in a changing operating environment.

It advances the maturity of the enterprise’s capabilities around managing its priority risks. Before a company can assert it is applying ERM, it must address ALL of the above concepts embodied in COSO’s definition.

Other links related to enterprise risk management fundamentals:

  • COSO risk management

  • ERM framework

  • ERM implementation

  • ERM process implementation time period.


    COSO enterprise risk management provides the internal audit platform.

    Return to Business Competence - Homepage

  • Enter your E-mail Address
    Enter your First Name (optional)
    Then

    Don't worry — your e-mail address is totally secure.
    I promise to use it only to send you Newsletter.