Risk management
Risk management

Start this free course now. Just create an account and sign in. Enrol and complete the course for a free statement of participation or digital badge if available.

Free course

Risk management

1 Enterprise Risk Management (ERM)

In Session 1, you considered big risks involved with events that had happened and had serious impacts on the affected organisations. For a long time, businesses have managed specific types of risks. A manufacturing firm would typically look at health and safety risks, a bank its credit risks and a hospital the risks to patient safety. But doing a good job of managing one set of risks does not mean that the organisation has a good grip on managing all of its risks: it does not mean that all of the risks to the ‘enterprise’ are being managed.

Increasingly organisations have recognised the value of understanding and managing all of the risks that they face – this approach is called ‘Enterprise Risk Management’. But what is meant by ‘Enterprise Risk Management’ (ERM)?

In response to a number of high-profile corporate failures (Enron [Tip: hold Ctrl and click a link to open it in a new tab. (Hide tip)] , WorldCom, etc.) regulators have introduced standards that apply to large listed companies. The United States set up a commission (the Treadway Commission) which subsequently published guidance on the essential elements of risk management. This is commonly called COSO (Committee of Sponsoring Organizations).

This activity will help you to understand COSO’s definition of ERM.

Activity 1 COSO framework

Timing: Allow approximately 10 minutes

Look at the text from COSO and use the drop-down options to fill in the correct words.

Active content not displayed. This content requires JavaScript to be enabled.
Interactive feature not available in single page view (see it in standard view).

Now watch this video about how experts define ERM.

Download this video clip.Video player: Video 1 How do experts define Enterprise Risk Management?
Skip transcript: Video 1 How do experts define Enterprise Risk Management?

Transcript: Video 1 How do experts define Enterprise Risk Management?


Enterprise risk management is really all about managing all of the risk within your organisational enterprise. It's about policies and procedures. It's about people, training, tools, and systems, and everything that joins together as a whole for an organisation. It's almost- in my head, it's almost like the governance wrapper that sits around all of the good risk management work that you're doing.
And it's about making sure that if you're sitting in one particular part of the company, we don't just think about the risks that relate to that part, but how do we look across what we would call silos and make sure we look at the whole picture? So if you're sitting in finance, for instance, then there may be certain risks relating to finance. But how do they relate to, for instance, when we're looking at the supply chain and people who are managing external suppliers?
And is it the fact that the finance team may be trying to keep the costs down, but the supplier teams are trying to make sure we've got good, quality products coming in? So enterprise risk management is about getting the right balance across the different parts of the company and getting the right solutions and the strongest solutions so that the company can be as strong and resilient as possible.
I've worked in many companies where the finance team won't speak to the human resources team, and the human resources team won't speak to the engineering team, and so on and so forth. And that information is kept within the confines of one part of the business or one function within the business.
I think enterprise risk management does well break some of those barriers, break some of those boundaries, shares that information, and makes sure that it's clear and available to the right people when they need it so they can make the best possible decisions to take the organisation forward.
Enterprise risk management, for me, is the umbrella that supports the management of the operational risks here, and dependent on the risk type- the management of the strategic risks here, and then starts to put linkages between the two. Now, it's not easy because, as I said, you've got to be able to try and compare like for like, and you've got to have a very good understanding of, well, if something happens down here, how might it affect this thing up there?
But that's really what enterprise risk management should be trying to achieve. It should be trying to get that line of sight across the whole business. And it's to do- and it is line of sight, is to do that early warning. Because if we can find something down here that's indicative of something potentially of a bigger thing that can affect a strategic objective, it's when it's going wrong down here at the control level, the operational level, that's the best place to be able to find it and sort it and do something with it, because it's the easiest place to deal with. What you don't want is it to be in the press. You've just fallen off the edge of a cliff. The CEO is just about to be hung. You really don't want thattohappen.
End transcript: Video 1 How do experts define Enterprise Risk Management?
Video 1 How do experts define Enterprise Risk Management?
Interactive feature not available in single page view (see it in standard view).

Take your learning further

Making the decision to study can be a big step, which is why you'll want a trusted University. The Open University has 50 years’ experience delivering flexible learning and 170,000 students are studying with us right now. Take a look at all Open University courses.

If you are new to University-level study, we offer two introductory routes to our qualifications. You could either choose to start with an Access module, or a module which allows you to count your previous learning towards an Open University qualification. Read our guide on Where to take your learning next for more information.

Not ready for formal University study? Then browse over 1000 free courses on OpenLearn and sign up to our newsletter to hear about new free courses as they are released.

Every year, thousands of students decide to study with The Open University. With over 120 qualifications, we’ve got the right course for you.

Request an Open University prospectus371