Enterprise risk management (ERM) is a set of activities designed to mitigate or otherwise manage the portfolio of risks to which an organization is subjected. These activities are designed to do the following:
Alter some business activities in order to avoid the risk associated with them.
Offload some risk to other parties, either through the purchase of insurance products or via contractual arrangements.
Accept some risk as part of the strategic direction of the firm.
In addition, ERM is designed to incorporate a consideration of risk into the general decision-making process, so that the business does not inadvertently take on new risks in the future. Further, the ERM process involves an understanding that many risks are interrelated, so that changing one risk will alter other risks. Consequently, risk management involves a thorough understanding of the entire risk environment.