Define ERM
There is no single definition of ERM!
The definition in the SP9 Principal Terms is:
ERM is a holistic risk management process which considers the risks of the enterprise as a whole, rather than considering individual risks and business units in isolation.
Explain what is meant by ‘risk management’
Risk management is the process of:
- Identifying the risks faced by an organization
- Assessing how likely these risks are to materialize and what their impact could be.
- Deciding how to deal with each risk.
The objective of risk management is to optimize risk-adjusted returns, i.e. to maximize the returns for a given level of risk.
Outline the key problem of a silo approach to risk management
A silo approach to risk management misses the interactions and interdependencies between risks faced by different business units.
These interrelationships between risks may serve to reduce their impact (DIVERSIFICATION), or may work to increase their effect (CONCENTRATION).
Outline the five main ERM concepts
General agreement on the overall ERM concept encompasses the following five elements:
- Taking a HOLISTIC, integrated approach
- Considering both UPSIDE and DOWNSIDE risks (seize opportunities)
- Measuring risks - quantifiable risks
- Measuring risks - unquantifiable risks
- Determining the appropriate RESPONSE to each risk
List the four main risk responses
- Retain
- Remove
- Reduce
- Transfer
Outline reasons why care must be taken when implementing ERM
- Risk cannot be managed without additional work and cost.
- RM is a subjective discipline and the consensus of what is best practice may change over time.
- Poor implementation of RM can simply increase bureaucracy and damage an organization.
- A lack of appreciation of the true “bigger picture” of an organization is likely to sabotage attempts to improve risk efficiency.
- Individuals must behave professionally.
