
Risky Business: A Risk Manager’s Introduction to ERM

Angus Rhodes


Risk. It goes hand-in-hand with business.

Risk managers are faced with so many questions.

  • How do we effectively manage our business risks?
  • How do we encourage the whole organization to take risk seriously?
  • Are we meeting corporate governance and legal requirements?
  • Do we have adequate processes and technology to identify, evaluate, treat and monitor our risks?

The list is endless.

But what is enterprise risk management (ERM)?

Although ERM can mean different things in different companies, essentially it is the planning and controlling of business activities to minimize the likelihood of an event and reduce any impact on the company. Types of activities include financial, operational, reporting, compliance, governance, strategic, reputational, and others such as project or IT.

It is important to remember that ERM is not just about looking at the downside of risk but also maximising any opportunities that arise from the upside of risk.

In terms of the significance of ERM, consider that an online search for references to the International Standards Organization (ISO) and their standard for ERM (ISO 31000) will return over 64,000 results. A clear reminder that ERM is well recognised, well researched and documented, and is global in nature.

ISO 31000 defines a process for ERM to give risk managers a best-practice approach.


Managing risk across the enterprise is key to the success of a business. Risk managers understand that individual threats are potentially related, and that creating a combined risk landscape is essential to effectively managing the business and helping maintain a competitive edge. And a competitive edge can be the difference between staying in business and not.

Managing risk data

Challenges facing risk managers include how to consolidate and aggregate risk data at different levels across the organization, and how to analyse, report on and monitor it. Without risk technology, identifying potential issues and preparing insights into trends and emerging outliers, such as risk events or key risks, is certainly difficult, and the results are not easy to promote with a high degree of transparency.

Data chaos resulting from traditional reporting methods, such as spreadsheets, will not only slow down the roll-out of ERM across your organization and cause inefficiencies, but also hinder auditing and compliance.

It is important to have a risk management strategy to communicate how the whole company should approach risk. The strategy should sit alongside the business strategy and complement the organization’s risk appetite (i.e. what your company deems to be acceptable risk). It must also be linked with developing the company culture.

Sharing control

While a company might see controlling risk as the responsibility of risk managers, in reality the whole organization has an obligation to conduct business responsibly and ensure compliance. To protect the business and create a risk-conscious culture, your company’s leadership needs to be behind the risk management program and communicate this to employees.

Devising a framework

Enterprise risk management is implemented through a risk management framework or system. The framework ensures risk is approached consistently across the organization, takes into account the organization’s risk appetite and establishes how the three lines of defense (business, risk, audit) link together to effectively manage risk.

The framework should call for risk management to be at the forefront of making all business-critical decisions.

Ventiv technology helps organizations to consolidate data, overcome challenges and analyze and report on trends. This ERM system has helped hundreds of businesses to save money, improve staff efficiency and make quick and informed decisions. 


Apr 6, 2017
