University of Vermont

Enterprise Risk Management


The Risk Management Process

The risk management process—of identifying, analyzing, evaluating, and ultimately responding to and monitoring risks and opportunities—is at the heart of enterprise risk management. Extending this process across an entire organization, looking at both “upside” and “downside” risk, and considering risk in the context of strategy is what differentiates “ERM” from ‘traditional’ risk management.

The context and the risk assessment steps (identification, analysis, and evaluation) form the basis for decision-making about which risks or opportunities are priorities, what the appropriate response should be, and how resources should be allocated to manage the risk or opportunity in a way that best supports the organization’s strategy. The risk response step involves deciding on and planning for the best way to “treat” or modify the risk, and implementing that plan. Monitoring and reporting on the status of risks and their management and communication and consultation with stakeholders take place throughout the risk management process.  

The steps in the risk management process are: 1-establishing the context, 2-risk identification, 3-risk analysis, 4-risk evaluation, 5-risk response, 6-risk monitoring, and 7-reporting and communication.

Last modified June 20 2012 02:29 PM

Contact UVM © 2018 The University of Vermont - Burlington, VT 05405 - (802) 656-3131