Enterprise Risk Management – Part 2




We continue our series on Enterprise Risk Management.


The CAS ERM framework

This framework, from the Casualty Actuarial Society (CAS), defines Enterprise Risk Management in a pretty succinct way.

The CAS definition states that: ERM is a discipline by which an organization assesses, controls, and monitors all risks.

Additionally, they note that its purpose is to increase value for the firm’s shareholders.


CAS risk types

The Casualty Actuarial Society is of the view that Enterprise Risk Management encompasses several defined risk types.

These risk types are:

  • Financial
  • Hazard
  • Operational
  • Strategic

We also note the following examples with respect to the above risk types:

  • Financial risk may include liquidity risk
  • Hazard risk may include natural disasters
  • Operational risk may include reputational risk
  • Strategic risk may include issues with the availability of capital

CAS also believes that risk is essentially divided into two categories:

  • The risk type
  • The risk management process


The CAS risk management process

There are several areas within the risk management process with respect to CAS:

  • The Establishment of Content
  • The Identification of Risks
  • The Analyzing of Risks
  • The Integration of Risk Factors
  • The Prioritization of Risks
  • Continuous Monitoring
  • Continuous Reviewing


The RIMS Risk Maturity Model

The RMM model is actually based on the original work of the Capability Maturity Model done all the way back in the 1980s.

The model was created by the Chief Executive Officer of LogicManager, Mr. Steven Minsky.

This paper was subsequently published by the American Risk and Insurance Management Society in 2006.

The RMM model comprises seven areas:

  • Performance Management
  • Risk Appetite Management
  • Root Cause Discipline
  • The ERM-based Approach
  • ERM Process Management
  • Uncovering Risks
  • Business Resiliency and Sustainability


The objectives

In order to adequately manage the numerous forms of risk, many firms establish and implement several different risk departments.

Such departments are often called ‘risk functions’. It is important to note that each department (or each risk function) will differ in capacity and capabilities.

Each risk function will also be different in how it interacts with the other functions within the organization.

Of note, a typical issue arising from ERM is the difficulty of achieving harmony amongst the various risk functions.

Depending on the size and complexity of the firm, it often takes years to get to an acceptable level of harmony, and even then, one requires continuous evaluation and adjustments for things to continue to work properly.


Thank you!

Thank you for visiting our website.


Success is near,

The QuestionBank Family