Skip to main content
Poole College of Management
Enterprise Risk Management Initiative

ERM Initiative Staff

Sep 30, 2005

Evolution of ERM

Business professionals have varied personal definitions of enterprise risk management (ERM) based on their limited exposure to the new idea and their specific encounters with its effects given their roles within their companies. However, in order to better understand risk management, and especially ERM, risk itself must be better understood with greater uniformity than that with which it has been understood in the past. Misconceptions have kept business professionals from understanding risk as measurable in both negative and positive outcomes, as existent even without the occurrence of an event, and as affective of businesses in many areas, not just in the consideration of insurance.

Sep 1, 2005

CROs (Chief Risk Officer) Challenged by IT Risks

The white paper focuses on the increasing dependency companies have on IT processes and the new challenges placed on CROs. Senior executives at various industries were asked to provide insight on digital risks and the role CROs play in tackling such risks.

Sep 1, 2005

Best Practices for Structuring ERM Within the Organization

In order for the risk management division to function properly, it is essential to structure it properly within the firm. The risk management division should be placed in high stature within the firm and should report directly to the CEO. Risk managers should have a deep understanding of the company's business in order to effectively communicate with risk takers in the firm. Structuring the risk management division properly will ensure a more holistic view of risk within the organization.

Jul 1, 2005

ERM – UnitedHealth Group

UnitedHealth Group has implemented ERM within the organization to help identify risks and alleviate negative exposures while profiting from positive opportunities. ERM implementation at UnitedHealth Group evolved out of their Business Risk Management processes used in their six diverse operating businesses.

May 1, 2005

Role of the Chief Risk Officer

The Chief Risk Officer (CRO) is rapidly becoming one of the most crucial members of the management team. CROs are involved with managing many types of risks faced by a business including regulatory risks, product development risks, and strategic risks.

Mar 11, 2005

ERM and Business Continuity

There is a huge debate over the roles and positioning of risk management and business continuity management within organizations. Some argue one function should be subordinate to the other. The key, however, is that the organization must determine the functional scopes of each function and communicate the appropriate relationship of the two tasks. Each organization needs to decide the appropriate mixture of these two functions.

Dec 31, 2004

Tax Risk Management: The Evolving Role of Tax Directors

A 2004 Ernst & Young survey reveals tax directors increasingly view tax risk management as vital to corporate governance. Learn how organizations are integrating tax risk into enterprise risk management and responding to new challenges.

Dec 31, 2004

Survey Data: ERM Trends

A PwC survey shows CEOs are taking more risks, citing competition and over-regulation as top threats. While many see ERM as valuable, gaps in effective implementation remain, especially among middle-market companies.

Oct 1, 2004

The Orange Book: Management of Risk – Principles and Concepts

The original Orange Book was published by the British government in 2001 to promote more robust risk management practices in government sectors. Since 2001, organizations have begun to now have basic risk management processes in place. The risk management challenge is no longer in the initial identification and analysis of risk and the development of the risk management process. Rather, the challenge today is in the ongoing review and improvement of risk management. Thus, the British government issued this 2004 revision of The Orange Book to include more advanced guidance, such as the importance of “horizon scanning” (a systematic activity designed to identify indicators of changes in risk). This document also examines how the organization’s risk management activities relate to the wider environment in which it functions.

Sep 1, 2004

COSO’s “Enterprise Risk Management – Integrated Framework”

"This Enterprise Risk Management – Integrated Framework expands on internal control, providing a more robust and extensive focus on the broader subject of enterprise risk management. While it is not intended to and does not replace the internal control framework, but rather incorporates the internal control framework within it, companies may decide to look to this enterprise risk management framework both to satisfy their internal control needs and to move toward a fuller risk management process. Among the most critical challenges for managements is determining how much risk the entity is prepared to and does accept as it strives to create value. This report will better enable them to meet this challenge."