Enterprise Risk Management (ERM) is a company-wide strategy for identifying and preparing for hazards related to a company’s finances, operations, and objectives.
ERM allows managers to shape the firm’s overall risk stance by directing particular business segments to engage in or refrain from certain activities.
Traditional risk management, in which decision-making is left to the heads of departments, can lead to disparate assessments that do not take into account the interests of other departments.
The COSO framework for enterprise risk management defines eight main components for developing an ERM practice.
Successful ERM strategies can reduce operational, financial, security, compliance, legal and many other risks.