Enterprise Risk Management 101

If you’re reading this post, you’re likely familiar with the concept of enterprise risk management (ERM). Perhaps you recognize that vulnerabilities exist within your organization, or that your processes may not quite be up to the task, and this “ERM thing” sounds like a solution worth investigating. Maybe you are in the process of building an ERM program but are searching for more information to determine exactly what launching an ERM program entails.

Regardless of your motivation for seeking more information on ERM, you’ve come to the right place. Read on to learn more about enterprise risk management and how it can benefit your organization.   

What is enterprise risk management?

The Committee of Sponsoring Organizations (COSO), a joint initiative to combat corporate fraud, defines enterprise risk management as “a process, effected by an entity’s board of directors, management and other personnel, applied in strategy-setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.”

Let’s simplify that a little. The Risk Management Association (RMA) sums it up well as simply an organization’s enterprise risk competence: specifically, an organization’s ability to “understand, control, and articulate the nature and level of risks taken in pursuit of business strategies… coupled with accountability for risks taken and activities engaged in.”

So what does ERM in action look like?

ERM is a continuous and comprehensive cycle made up of four key components:

1. Plan – This phase includes the development of a risk management policy and plan

2. Do – Risk assessment based on the group of standards known as ISO 31000, as outlined by the International Organization for Standardization

3. Check – Utilizing the Risk Radar Enterprise scalable framework

4. Act – Professional risk management consulting

Your ERM experts

ERM is what we do. When you work with Pro-Concepts, you get more than three decades of experience in systems evaluations and risk management. Contact us today to learn what the Pro-Concepts advantage can do for your enterprise risk management practices. 

  • OMB A-123
  • NIST 800-53
  • ISO 31000
  • ISO 9001-2015
  • COSO
  • CMMI
  • PMBOK