Skip to main content
Poole College of Management
Enterprise Risk Management Initiative
ERM and Strategy

ERM – UnitedHealth Group

July 1, 2005 2-min. read

Enterprise Risk Management (ERM) is a discipline at UnitedHealth Group that identifies risks and alleviates negative exposures while profiting from positive opportunities.  The report, “Enterprise Risk Management at UnitedHealth Group,” authored by  Patrick J. Stroh, highlights that risks can range from financial reporting and compliance to planned business risks.

Some companies are adhering to Sarbanes Oxley Act (SOX) compliance and have not yet embraced ERM.  However, SOX does not address some of the important value adding elements for stakeholders—strategic business risk and market/business environmental risks.  The goal of ERM is to provide value and not primarily focus on enforcing risk reporting and monitoring.

Executive management can more effectively handle uncertainty in both positive and negative risks with an ERM model and process.  The key is focusing on the recognition of risks and mitigating those risks within a suitable tolerance level.

UnitedHealth Group’s mission is to improve the healthcare system.  After the implementation of Business Risk Management (BRM) into their six diverse operating businesses, UnitedHealth Group believed they were prepared to fully integrate ERM into their business culture.

Business Risk Management is a process used to accomplish the following goals:

  • create a framework to manage risks and concurrently increase stakeholder value;
  • build confidence in managers making decisions dealing with risks, and
  • eliminate surprises that are avoidable.

After using BRM, value creation, accountability and transparency became the focus thereby creating an ERM discipline.  Four ways to enforce stakeholder value are through awareness, alignment, resolution and accountability.  In order to achieve success with BRM and ERM, UnitedHealth Group uses a number of on-going measures to stay on course.  They recognize the importance of executive backing, strategic risk management, accountability, standardization, diversification, improvement persistence, and understanding the necessity to remain practical when the need exists.

Click below for a link to the full article.

Original Article Source: “Enterprise Risk Management at UnitedHealth Group”, Patrick J. Stroh, Strategic Finance, IMA, July 2005

More From Enterprise Risk Management Initiative

Business executives in a meeting

Strategic Value of Risk Management
Using Strategic Risk Analysis to Identify Potential Risks to Strategic Initiatives

ERM Tool: Using Strategic Risk Analysis to Identify Potential Risks to Strategic Initiatives
Embedding Risk Considerations in Strategic Planning and Budgeting

ERM Tool: Embedding Risk Considerations in Strategic Planning and Budgeting