Enterprise Risk Management Understood

by Robert N. Charette

There is no clear-cut definition of what enterprise risk management (ERM) is or what it entails, because the field is evolving. The general definition is the assessment and management of the entirety of a corporation's risk spectrum in a unified fashion. This definition is in contrast to traditional corporate risk management, which focuses on individual risk areas such as insurance and finance. In most organizations dealing with these risk areas, risk management practices operate as silos, with little interplay among those responsible for managing these risks. Additionally, financial and insurance risks are assessed only periodically rather than continuously. This approach leads corporations to be both under- and overexposed to risk as specific financial/insurance risks can't be traded off against one another or hedged effectively, and the level of risk could change dramatically in between assessment periods without being noticed.