There have been many definitions of ERM. Most suffer from the “too many words” syndrome. They are too long, making it likely that a casual reader will suffer reading fatigue before completing and therefore will decide that the topic is too complicated to be useful.
Here is a try at a very crisp definition:
ERM is a system for enhancing decision making under uncertainty that requires consideration of ALL of the risks of the enterprise.
And also for plain “Risk Management”
Risk Management is a system for enhancing decision making under uncertainty that focuses on risks as well as returns.
Fundamentally linking ERM and Risk Management to decision making is important, vitally important. Otherwise funders of ERM programs will be quickly disenchanted with the expensive staffs and systems needed to support a Risk Management Entertainment System.
All ERM and Risk Management activities should be judged in terms of how well they support important decisions.
The important decisions that can be supported by ERM and Risk Management are many. Primary among them are:
- How much risk should the company take?
- How best to transition from the risk level that the company is taking to the risk level that the company should be taking?
- How to assure that the company takes no more risk than it should take?
- Which Risks should the company take?
- How best to transition from the risks that the company is taking to the risks that the company should be taking?
- How to manage the likelihood that the company will fall short of its earnings targets?
If a firm already has complete processes in place to make all of those decisions, then it already has ERM. With the rising calls for ERM from regulators, rating agencies and boards, those firms will need to make sure that they can fully articulate the processes that they use to make those decisions.
If, on the other hand, a firm generally makes one or several of those decisions by default, as a fallout from other decisions or on a totally flexible basis as it happens in response to various market forces or on a purely momentum based process that ultimately relies upon some past decisions that may or may not have been made with any concern for risk; then future development of ERM could be vitally important.
The support that ERM provides to all of these decisions is of the nature of an eyes open approach to risk. This general theme is perhaps the reason why ERM often seems to be a massive management information exercize.
But management information about risk is the means to supporting risk focused decision making, not the ends.