What’s ERM?




Enterprise risk management (ERM) is the process of identifying risks and opportunities within a company. It involves strategic planning, evaluating the likelihood of success, and creating a progress and response evaluation plan. The Sarbanes-Oxley Act requires US companies to have an ERM system in place, and two main frameworks have been created: the Casualty Actuarial Society (CAS) and the Committee of Sponsoring Organizations (COSO).

Enterprise risk management, also called ERM, is a concept with a rather simple definition and a much more complex implementation. It is a corporate finance term that describes risk management methods, identifying risks and opportunities, within a company. The concept is broad and can be quite complex for large companies. Prior to the Sarbanes-Oxley Act in the United States and later the International Standard for Risk Management (ISO 31000), managing corporate risk was largely voluntary; although many companies had strategies in place to manage risk, the guidelines were much vaguer. Aspects of business risk management may include identifying business goals and creating a strategic plan to achieve them; evaluating the likelihood that the plan, or parts of it, will be successful; and creating a progress and response evaluation plan.

Strategic planning can be defined as the formulation and implementation of an organization-wide plan that enables those within the organization to make decisions focused solely on achieving the goals it has set. In the business world, risks typically have to be taken to achieve the goals a company sets for itself, and enterprise risk management is how businesses and organizations manage these risks. Part of taking a risk on an opportunity is knowing it might not pay off; all the time, money and resources invested may be lost. The Sarbanes-Oxley Act, for example, puts review laws in place so that companies keep in mind what is an acceptable level of risk. The goal of auditing laws is to protect affected parties and to ensure that corruption within an organization can be stopped before it causes irreparable damage.

Some examples of common types of risk that a business may face include credit, insurance, legal, accounting, auditing, quality, and other types of risk. The Sarbanes-Oxley Act requires US companies to have an enterprise risk management system in place, and therefore a number of frameworks have been created. The two main frameworks in the United States were put together by the Casualty Actuarial Society (CAS) and the Committee of Sponsoring Organizations (COSO). The COSO framework is the most commonly adopted. It states that enterprise risk management is a process of internal controls that must be shared throughout the enterprise, and that people within the enterprise must know its acceptable level of risk. The CAS framework is more focused on managing risk so that the value of the company is increased for its stakeholders. Through the many adverse events that have occurred in the business world, both regulators and business people have come to understand that an enterprise risk management system encompassing all departments of an organization is the best way to protect stakeholders and, by extension, the organization itself.





