Enterprise Risk Management
The Risk Management Process
The risk management process of identifying, analyzing, evaluating, and ultimately responding to and monitoring risks and opportunities is at the heart of enterprise risk management. Extending this process across an entire organization, looking at both “upside” and “downside” risk, and considering risk in the context of strategy is what differentiates “ERM” from “traditional” risk management.
The context and the risk assessment steps (identification, analysis, and evaluation) form the basis for decision-making about which risks or opportunities are priorities, what the appropriate response should be, and how resources should be allocated to manage the risk or opportunity in a way that best supports the organization’s strategy. The risk response step involves deciding on and planning for the best way to “treat” or modify the risk, and implementing that plan. Monitoring and reporting on the status of risks and their management, along with communication and consultation with stakeholders, take place throughout the risk management process.
Last modified June 20 2012 02:29 PM