Enterprise Risk Management

What is ERM?

Enterprise Risk Management (ERM) is a coordinated approach to identify potential events that may affect an organization, manage the associated risks and opportunities, and provide reasonable assurance that an organization’s mission, vision, and strategic objectives will be achieved. ERM helps ensure that the right information gets to the right people at the right time. By offering a strategically-aligned portfolio view of organizational challenges and opportunities, ERM creates a more risk-aware culture and offers insight into how best to prioritize and manage the risks inherent in carrying out the University’s mission of teaching, research, patient care, and public service.

Benefits of ERM

When applied effectively ERM can:

  • Improve the University’s capability to sense and respond to emerging risks before they become crises
  • Provide key information on strategic planning, performance management and budget decisions
  • Improve coordination across functional silos
  • Promote reliable reporting and monitoring across business units

Integrating ERM into the Organization

All organizations have a variety of functions that identify and manage specific risks. However, each risk function varies in capability and how it coordinates with other risk functions. Successful integration of ERM into day to day decision-making and management practices enables organizations to leverage opportunities and avoid, mitigate, and transfer risk, resulting in more resilient, effective, and efficient organizations. There are many ERM resources and references available, and the Related Resources sidebar has a few to get you started.

ERM Maturity

Organizations with a true enterprise-wide risk management approach possess a current, holistic understanding of their risks that informs decision-making across the organization. These organizations have successfully instituted comprehensive processes and policies that effectively identify, assess, mitigate, and monitor their key strategic, operational, and external risks.

The sophistication and comprehensiveness of an organization's risk management is important because of the positive correlation to its ability to meet its strategic and performance objectives. Organizations with a deliberate, consistent, resourced, and integrated approach that effectively identifies, selects, and prudently mitigates risks are more likely to build long-term value as compared to organizations with a casual, opportunistic, or reactive approach.

Measure how well your risk management efforts align with best practices using the RIMS Risk Maturity Model. The RIMS Risk Maturity Model (RMM) for Enterprise Risk Management is an umbrella framework of content and methodology that detail the requirements for sustainable and effective enterprise risk management.