Enterprise Risk Management (ERM) is defined as a process implemented by an entity’s board of directors, management and other personnel and applied in strategy-setting across the enterprise. It is designed to identify potential events that may affect the entity and to manage risks within its risk appetite, so as to provide reasonable assurance regarding the achievement of the entity’s objectives. ERM departs from the traditional risk management framework, which sought to avoid risks: it takes into account the fact that without some element of risk there can be no growth. It seeks to ensure that the risks taken are well thought out and mitigated to reduce losses.
ERM aims to measure an institution’s achievement of four primary objectives:
- Strategic – High level goals that are aligned with and support the institution’s mission.
- Operational – Ongoing management processes and daily activities of the organization.
- Financial Reporting – Protection of the institution’s assets and quality of financial reporting.
- Compliance – The institution’s adherence to applicable laws and regulations.
Firms operate in highly competitive and dynamic environments, so they need to be innovative and proactive while at the same time managing potential risks that may arise. This is where the ERM framework comes in handy. It is a very delicate balancing act that needs to be well thought out and managed. Risks include financial risks, operating risks, strategic risks, regulatory risks, environmental risks, reputation risks, political risks, and a whole host of other types of risks. By strategically managing risks, firms can reduce the chances of loss, create greater financial stability and protect their resources so they can achieve their objectives.