Enterprise Risk Management (ERM) in business includes the methods and processes used by organizations to manage risks and seize opportunities’ related to the achievement of their objectives. ERM can also be described as a risk-based approach to managing an enterprise, integrating concepts of strategic planning, operations management, and internal control.In its “Overview” of Enterprise Risk Management,” the Casualty Actuarial Society describes ERM as “… the discipline by which an organization in any industry assesses, controls, exploits, finances and monitors risk from all sources for the purposes of increasing the organization’s short and long term value to its stakeholders.
Similarly, COSO (Committee of Sponsoring Organizations) defined ERM as: “… a process, affected by an entity’s board of directors, management and other personnel, applied in a strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity goals.”
There are eight components viz.,
Internal EnvironmentObjective settingEvent IdentificationRisk AssessmentRisk ResponseControl ActivitiesInformation and communication, andMonitoring.These eights components are used for achieving the four categories of objectives of the framework of ERM viz., (i) Strategic High level goals: designed to support the entity’s mission or vision (ii) Operations: efficiency of operations including achievement of performance, goals and safeguarding against loss (iii) Reporting: reliable financial and operational data and reports and (iv) Compliance: with laws and regulations.
Risk Management Versus Management : Management Defined : Management may be defined as the process of planning, organizing, Directing and controlling the resources and activities of an organization in order to fulfill the objectives of that organization at the least possible cost.
Risk Management Defined : Risk management may be defined as the process of planning, organizing, Directing and controlling the resources and activities of an organization in order to minimize the adverse effects of accidental losses on that organization at the least possible cost.
Management and Risk Management, Common Characteristics : Because risk management is a form of management it,, lie all management: (i) is Directed toward the goals of the organization, (ii) requires the making and implementing of decision, and (iii) is performed through the planning, organizing, directing and controlling of the efforts of others.