Skip to main content
Poole College of Management
Enterprise Risk Management Initiative

ERM Fundamentals

Apr 15, 2009

Importance of Risk Management Mindset

Many companies that were unprepared for the current economic situation have become hesitant to make decisions regarding the future. For companies to regain confidence in making these decisions there needs to be a realization that risk management models are only as good as the decisions that are made based on the models. As a result, the risk management mindset is just as important as the model. Companies can focus on their risk management mindset by re-defining risk to include a more integrated view of risk and constructing a new "risk architecture" that incorporates information external to the company and looks at interdependencies to help make better decisions and more successfully manage their risks.

Sep 1, 2008

Managing Risks for Comparative Advantage: Five Steps to Better Risk Management

This articles highlights a five-step process to help companies make changes to better their approach to risk management in response to the developments occurring in the corporate approach to risk management: 1. Identify and understand your major risks; 2. Decide which risks are natural; 3. Determine your capacity and appetite for risk; 4. Embed risk in all decisions and processes; and 5. Align governance and organization around risk.

Sep 1, 2007

ERM in Higher Education

This document provides guidance for the embrace of Enterprise Risk Management (ERM) in Higher Education. While this is not a step-by-step guide on how to implement ERM at any specific institution, it does provide a good overview of the ERM process, where to begin, and best resources available for structuring and implementing an ERM framework. The document also summarizes examples of ERM at several institutions of higher learning.

May 1, 2007

Tools and Techniques for Enterprise Risk Management Execution

The Institute of Management Accountants has issued a new document that summarizes tools and techniques used by businesses that have effectively implemented an ERM program. After identifying risks, businesses should focus on risk drivers and utilizing the vast number of tools currently available for managing risks. Also, the importance of an enterprise-wide approach should be considered when organizations become trapped into managing risks reactively or by use of the silo method. This document contains numerous practical tools and templates that can be adapted for a variety of organizational settings.

Apr 1, 2007

Integrating SOX and ERM- Truths and Myths

For most organizations, the efforts being made to meet compliance regulations are not tied to current ERM processes. Procedures should be put in place to integrate compliance functionality into existing risk management plans.

Nov 1, 2006

RIMS ERM Maturity Model

The Risk and Insurance Management Society (RIMS) has recently introduced its Risk Maturity Model (RMM) to help organizations better utilize Enterprise Risk Management. The RIMS Risk Maturity Model can be used by chief risk officers and other risk practitioners as a resource to aide in planning, implementing, and benchmarking Enterprise Risk Management practices within their organizations.

Mar 24, 2006

Home Depot’s Approach to ERM

David Whatley, vice president for risk management at Atlanta-based Home Depot Inc., spoke on March 24th to 130 business professionals at the second of three Spring 2006 ERM Roundtables. Whatley described Home Depot’s approach to managing risks at the world’s largest home improvement retailer.

Sep 30, 2005

Evolution of ERM

Business professionals have varied personal definitions of enterprise risk management (ERM) based on their limited exposure to the new idea and their specific encounters with its effects given their roles within their companies. However, in order to better understand risk management, and especially ERM, risk itself must be better understood with greater uniformity than that with which it has been understood in the past. Misconceptions have kept business professionals from understanding risk as measurable in both negative and positive outcomes, as existent even without the occurrence of an event, and as affective of businesses in many areas, not just in the consideration of insurance.

Mar 11, 2005

ERM and Business Continuity

There is a huge debate over the roles and positioning of risk management and business continuity management within organizations. Some argue one function should be subordinate to the other. The key, however, is that the organization must determine the functional scopes of each function and communicate the appropriate relationship of the two tasks. Each organization needs to decide the appropriate mixture of these two functions.

Oct 1, 2004

The Orange Book: Management of Risk – Principles and Concepts

The original Orange Book was published by the British government in 2001 to promote more robust risk management practices in government sectors. Since 2001, organizations have begun to now have basic risk management processes in place. The risk management challenge is no longer in the initial identification and analysis of risk and the development of the risk management process. Rather, the challenge today is in the ongoing review and improvement of risk management. Thus, the British government issued this 2004 revision of The Orange Book to include more advanced guidance, such as the importance of “horizon scanning” (a systematic activity designed to identify indicators of changes in risk). This document also examines how the organization’s risk management activities relate to the wider environment in which it functions.