Enterprise Risk Management

Enterprise risk management (ERM) is a plan-based business strategy that aims to identify, assess, and prepare for any uncertainties that could negatively or positively influence the achievement of the corporation’s objectives.

In the past, managing risk was done in a fragmented manner within functions or business units. Individuals would manage process risk; safety risk; and insurance, financial, and other assorted risks. As a result of this fragmented approach, companies would take huge risks in some areas of the business while overmanaging substantially smaller risks in other areas. ERM is being adopted because of the increasing amount of environmental uncertainty that can affect an entire corporation.

The discipline not only calls for corporations to identify all the risks they face and to decide which risks to manage actively, but it also involves making that plan of action available to all stakeholders, shareholders and potential investors, as part of their annual reports. The process of rating risks involves three steps:

  1. Identify the risks using scenario analysis, brainstorming, or by performing risk self-assessments.
  2. Rank the risks, using some scale of impact and likelihood.
  3. Measure the risks, using some agreed-upon standard.

In creating ERM initiatives, companies should focus not only on the downside of risk but on the upside as well.

Pic 1. Enterprise Risk Management Framework (Source:

Below are descriptions of key components in a strong enterprise risk management plan:

  1. Business strategy and risk coverage

The institution must define what it wants to achieve in terms of markets, geographies, segments, products, earnings, and so on. From there, the institution assesses the risk implied in that strategy and determines the level of risk it is willing to assume in executing that strategy.

  2. Risk appetite

Risk appetite represents the acceptance of volatility an institution is willing to assume in executing its business strategy. It is important for management and the board of directors to understand the critical links among strategy, business plans, and risk. A risk appetite statement is one tool that facilitates this linkage.

  3. Culture, governance, and policies

Culture, governance, and policies collectively help an institution manage its risk-taking activities.

  4. Risk data and infrastructure

The risk data and infrastructure refer to how the information is collected, integrated, analyzed, and translated into a cohesive story.

  5. Control environment

Internal controls help reduce the level of inherent risk to a level acceptable to management. The system of internal controls includes culture, governance, policies, preventive and detective controls, and scenario planning. Building an effective internal control environment allows management to control what can be controlled.

  6. Measurement and evaluation

The process of measurement and evaluation must include the system of internal controls and must determine how well the risks can be managed.

  7. Scenario planning and stress testing

Scenario planning and stress testing are tools that focus on the knowable and, perhaps, some unknowable risks.


Enterprise Risk Management, essential for any institution, encompasses all relevant risks. An ERM framework and model supports management's competency to manage risks well, comprehensively, and with an understanding of the interrelationships and correlations among various risks. The successful institution incorporates a robust ERM capability and strategy as part of its culture by integrating what already exists to create a comprehensive and integrated view of the institution’s risk profile in the context of its business strategy.



Strategic Management and Business Policy: Globalization, Innovation, and Sustainability, 15th Edition, ISBN 978-0-13-452205-0 by Thomas L. Wheelen, David Hunger, Alan N. Hoffman, and Charles E. Bamford, published by Pearson Education © 2018.
