Ideally, enterprise risk management (ERM) is a top-down, formal framework for identifying, prioritizing, analyzing, monitoring and managing all types of risk that an enterprise faces. It provides solid guidance for executive decision-making. ERM includes such risks as strategic risks, operational risks, financial risks (market and credit risks) and compliance risks.
- Is management aware of its operational, financial or strategic risks?
- Is senior management adequately identifying and managing risks holistically, or are risks seen in silos?
- How can we identify risks at the enterprise level without incurring any additional costs?
- What risks should we focus on, given the many risk types that are inherent in our company profile?