One of the defining characteristics of Enterprise Risk Management (ERM) is that it encompasses all risk categories (financial, operational, compliance and hazard) across all levels of the organization (strategic, business and process) as illustrated in the table below.· The goal is to move beyond a “silo” scope of risk to a comprehensive, fact-based scope of risk that enables management decision-making.

The deep, dark secrets about risk are generally not found at the top of the house, but are found as you tap into the knowledge base of employees at the business and process levels.· If the company’s board truly wants comfort from the ERM process, strategic risks cannot be the only focus.· The strategic level will give you a good overview of the key risks perceived by management; whereas, the business and process levels can provide more granular data about what is truly happening in those risk areas.


Add comment

Security code