Remember the classic adage that says a chain is only as strong as its weakest link? Well, it is still true today. When an enterprise risk management (ERM) chain breaks, the cost of what you did not know can demolish your profits or reputation – both corporate and personal.

While leaders agree that governance, risk processes and corporate safeguards are needed to protect that chain, far too many leaders do not really understand the basic building blocks of ERM. And they may be hesitant to ask questions as long as they feel it is someone else’s responsibility. However, to be successful, ERM must involve everyone in the organisation, starting with the leaders.

The questions and answers below provide the seven basic building blocks needed to sanity-check your ERM system, its effectiveness, and its value versus the monetary and personnel resources invested.

What is ERM — and why should you care?

ERM is a programme that directly relates to overall business strategy and objectives. It requires that everyone in an organisation be aware of and support the balancing of risk and reward in order to reach corporate strategic goals, within certain agreed-upon limitations. ERM’s focus includes governance, control, assurance and risk management.

The overarching goal of ERM is to ensure that adequate programmes and controls exist to provide a reasonable expectation that company objectives will be met. ERM’s role is to identify potential events that may affect the organisation and to manage risk according to the company’s risk appetite. The process is applied in a strategic setting across the whole enterprise.

Apr-Jun 2017 Issue