“Enterprise risk management is a process, effected by an entity’s board of directors, management and other personnel, applied in a strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.”
- Committee of Sponsoring Organizations of the Treadway Commission (COSO), Enterprise Risk Management–Integrated Framework (2004).
Enterprise Risk Management (ERM) is not a separate, isolated process performed outside of normal business processes. Quite the contrary, ERM, similar to fraud prevention, ethics and internal controls, is integral to an organization’s success. It should be embedded into and integrated within organizational strategy and incorporated into an organization’s core activities. ERM needs to become part of organizational culture.

Once the risks are identified and assessed, executive leadership must establish a plan to manage and monitor those risks.