Enterprise risk management (ERM) is a set of activities that are designed to mitigate or otherwise work with the portfolio of risk to which an organization is subjected. These activities are designed to do the following:
- Alter some business activities in order to avoid the risk associated with them.
- Offload some risk to other parties, either through the purchase of insurance products or via contractual arrangements.
- Accept some risk as part of the strategic direction of the firm.

In addition, ERM is designed to incorporate a consideration of risk into the general decision-making process, so that the business does not inadvertently take on risks on a go-forward basis. Further, the ERM process involves an understanding that many risks are interrelated, so that changing one risk will alter other risks. Consequently, risk management involves a thorough understanding of the entire risk environment.