Risk is a reality of doing business. Whether large or small, public or private, domestic or international, companies today operate in a risk-filled world. In many cases, risk is necessary for long-term operational success; however, failure to control risk effectively can often lead to just the opposite, including damaged reputation, loss of profits, disruption in productivity or, in severe cases, the end of the entity altogether.
Enterprise risk management (ERM) is the leading approach to managing and optimizing risks, enabling an organization to determine how much uncertainty and risk are acceptable to it.
With an organization-wide scope, ERM covers all types of risks, cuts across business units and considers end-to-end processes. It can provide organizations with a means of leveraging risks for greater performance, building a foundation for competitive advantage and ultimately establishing themselves as market leaders.
The Institute of Internal Auditors (IIA) defines ERM as “a structured, consistent and continuous process across the whole organization for identifying, assessing, and deciding on responses to and reporting on opportunities and threats that affect the achievement of its objectives.”
The insurance rating agency A.M. Best defines ERM as “a process by which organizations systematically identify, measure, and manage the various types of risk inherent within their operations.”
Although other priorities in running a business may have trumped risk management in the past, the planning and implementation of a formal program to better identify and oversee risk is of particular importance today. Organizations must respond proactively to increasing economic and competitive challenges, taking the proper steps to ensure they are assessing, prioritizing and managing all risks – both old and new – in a strategic and consistent way.