Enterprise Risk Management – Part 1




Enterprise Risk Management, or ERM for short, is a well-known framework commonly used in the financial sector.

Those who are aspiring to become seasoned risk professionals will become quite familiar with the various attributes associated with ERM over time.

We trust that you will enjoy this article (like the others) and learn something new and beneficial to your career growth.


What is this thing about?

Well, one way of thinking about it is that ERM is essentially a process: one wrapped within a framework that seeks to better an institution’s standing, particularly in terms of its risk profile.

It essentially follows several steps that will seek to guide individuals towards a better risk path.

The steps are as follows:

  • Identify the applicable and relevant risks for the firm in question
  • Figure out the chances of those risks happening
  • Figure out the potential impact of these risks on the firm
  • Create a response-action that can be used in the event of such risks occurring
  • Keep monitoring the potential risks, the potential impacts and possible responses


The necessary ingredients

Over the years, ERM has changed and has become much more refined.

It is being used much more due to the real-world benefits it provides, especially in terms of revealing the actual risks present within a firm (and not just a theoretical view of them).

It is seen as a comprehensive methodology that combines several areas, including:

  • The concepts of internal control
  • Strategic planning
  • The Sarbanes-Oxley Act


Noting the frameworks

There are a couple of ERM frameworks out there, and each has different processes and outlines for dealing with various risk scenarios.

We will discuss a few of them over the next few articles.


COSO ERM framework

This particular framework was published back in 2004 and identified the ERM process as one that was dependent on the firm’s board of directors (as well as other key individuals) to identify the potential risk occurrences.


COSO categories

  • Operations
  • Strategy
  • Compliance
  • Reporting


COSO components

Some of the components in this framework include:

  • Assessing risk
  • Reporting risk
  • Communicating risk
  • Response to risk
  • Risk policy
  • Firm monitoring


Thank you!

Thank you for visiting our website.


Success is near,

The QuestionBank Family