Three key enablers to successful enterprise risk management

Abstract

Enterprise risk management (ERM) refers to a set of processes that enables the effective management of the risks, opportunities, and expected and unexpected events that may affect the enterprise. The successful implementation of ERM is a challenging task in part because it requires collaboration among multiple business units of different sizes, scope, and capability, each facing what it perceives as unique risks. Other difficulties with ERM implementations include lack of adoption of an enterprise-wide governance model, lack of a common risk language (e.g., taxonomy), and uneven levels of maturity within an organization regarding the management of risks. This paper establishes three conceptual frameworks that provide a basis for an enterprise embarking on ERM: 1) a risk management cycle; 2) a risk-related taxonomy; and 3) an ERM maturity model. The risk management cycle provides a discipline to consistently and coherently manage virtually all risks in the enterprise. The risk taxonomy provides a foundation for clear and concise communication about risk across the enterprise to enable better risk management. The ERM maturity model, and its associated capability assessment, allows an organization to determine gaps in its current risk management processes and define ways to improve those ERM capabilities. Together, these three frameworks are key enablers for a successful ERM implementation and ongoing operation. © 2010 IBM.