Enterprise Risk Management is a concept that involves a broadening of risk management responsibilities, the instilling of a risk management culture within the firm, and the idea of bringing to risk management the responsibility for some business risk in addition to pure risk.
Broadening of Responsibilities: all employees at every level are responsible for managing the risk they encounter every day; risk is no longer the domain of a single department.
Instilling a risk culture: companies embracing the ERM concept realize that with responsibility must come both control and permission. Employees are instructed that safety and loss control goals come from the very top of the company and that they will be praised rather than punished for bringing risk issues to the forefront (and possibly even slowing down production). The risk management culture permeates the core of the company in an ERM environment.
Adding business risk: the ERM framework involves looking at “business risk” and seeing how it might interact with “pure risk” in order to create a more complete and all-encompassing management process. Pure risk (risk of damage to property, loss of data, or a D&O claim) has been the domain of the Risk Manager (reporting to the CFO); business risk, on the other hand, has been the domain of the business managers in sales, operations, financial and treasury, and consulting areas of companies. ERM argues for a merger of risk types and a more holistic view of risk management.
LicataRisk will work with clients on ERM programs, helping them achieve this integration process.