Defining Enterprise Risk Management
Federal Reserve Board Governor Bies offered a definition of enterprise risk management in her recent speech to the BAI ACE conference. Enterprise risk management, she explained, is a discipline that an organization can use to identify events that may affect its ability to achieve its strategic goals and to manage its activities consistent with its risk appetite.
A risk management program should include several elements: identifying and assessing key risks, determining the appropriate responses to those risks, determining the level of risk the company will accept, and implementing effective processes to limit risk to the acceptable level.
There must be clearly articulated risk-management goals, a common risk language for communicating clearly and effectively within the organization, and a clear understanding of individual roles and responsibilities in the risk management framework.
Copyright © 2004 Compliance Action. Originally appeared in Compliance Action, Vol. 9, No. 4, 5/04
First published on 05/01/2004