Enterprise risk management (ERM) is the process of planning, organizing, leading, and controlling the activities of an organization in order to minimize the effects of risk on the organization's capital and earnings. An effective, integrated ERM program can help an organization identify and take action on risks that may be affecting the achievement of its core strategic objectives. ERM should align with a company's goals and objectives. ERM is becoming not just a way of managing risk but also a way of doing business.
Risk management is going to become an extremely critical topic for both the public and private sector next year. As a nation, we are facing complex geopolitical issues and state-sponsored attacks targeting our businesses and government on an enormous scale. Large financial institutions and Silicon Valley companies have already experienced billions of dollars in losses due to decisions being made without effective enterprise risk management.
Data is both an asset and a liability, and next year we are going to see the regulatory environment become even more complex around data governance, which will make enterprise risk management a huge priority for the C-suite and board. For the purposes of its work, the Committee developed the following definition: ERM is the process by which organizations in all industries assess, control, exploit, finance, and monitor risks from all sources for the purpose of increasing the organization's short- and long-term value to its stakeholders.