1 Enterprise Risk Management (ERM)
In Session 1, you considered major risks arising from events that had actually happened and had serious impacts on the affected organisations. For a long time, businesses have managed specific types of risk. A manufacturing firm would typically look at health and safety risks, a bank at its credit risks and a hospital at the risks to patient safety. But doing a good job of managing one set of risks does not mean that the organisation has a good grip on all of its risks: it does not mean that all of the risks to the ‘enterprise’ are being managed.
Increasingly organisations have recognised the value of understanding and managing all of the risks that they face – this approach is called ‘Enterprise Risk Management’. But what is meant by ‘Enterprise Risk Management’ (ERM)?
In response to a number of high-profile corporate failures (Enron, WorldCom, etc.), regulators introduced standards that apply to large listed companies. In the United States, the Committee of Sponsoring Organizations of the Treadway Commission, a private-sector body commonly referred to simply as COSO, published guidance on the essential elements of risk management.
This activity will help you to understand COSO’s definition of ERM.
Activity 1 COSO framework
Look at the text from COSO and use the drop-down options to fill in the correct words.
Now watch this video about how experts define ERM.
Transcript: Video 1 How do experts define Enterprise Risk Management?