What ERM Is… and Is Not…

We see ERM as:

* An approach to assure the firm is attending to all risks;
* A set of expectations among management, shareholders, and the board about which risks the firm will and will not take;
* A set of methods for avoiding situations that might result in losses that would be outside the firm’s tolerance;
* A method to shift focus from “cost/benefit” to “risk/reward”;
* A way to help fulfill a fundamental responsibility of a company’s board and senior management;
* A toolkit for trimming excess risks and a system for intelligently selecting which risks need trimming; and
* A language for communicating the firm’s efforts to maintain a manageable risk profile.

Alternatively, we feel ERM is not:

* A method to eliminate all risks;
* A guarantee that the firm will avoid losses;
* A crammed-together collection of longstanding and disparate practices;
* A rigid set of rules that must be followed under all circumstances;
* Limited to compliance and disclosure requirements;
* A replacement for internal controls of fraud and malfeasance;
* Exactly the same for all firms in all sectors;
* Exactly the same from year to year; nor
* A passing fad.

From an S&P publication in May 2008. I wrote it and I still like it.

Dave Ingram
