Skip to main content
Poole College of Management
Enterprise Risk Management Initiative
ERM Fundamentals

Book Review: Making ERM Pay Off

December 31, 2001 2-min. read

Overview

Risk is defined as, “any event or action that will adversely affect an organization’s ability to achieve its business objectives and execute its strategies successfully.”  A business that is unable to manage risks will eventually disappear.  Historically, businesses have managed risks under what is called a “silo method.”  Under this method risks such as insurance risk, technology risk, financial risk, and environmental risk would all be managed independently in separate departments.  This book introduces an emerging risk management technique known as enterprise risk management (ERM).  ERM is an integrated approach to managing risks that involves personnel from every level in an organization.  It is also a continuous process that broadly focuses on all business risks and opportunities.

The demand for ERM has been driven largely by the increased use of technology and the Internet.  This “New Economy” has created and complicated many different types of risk.  The effects of these new risks can be seen in several recent instances where businesses suffered considerable financial losses, decreased shareholder value, damaged reputations, and bankruptcy.  ERM provides a process that helps prevent these undesirable events.  Its goal is to create, protect, and enhance shareholder value by managing the uncertainties that could either negatively or positively influence achievement of the organization’s objectives.

This book presents in-depth case analysis of several companies’ risk management practices.  From this analysis, emerging patterns in risk management are identified.  Companies can use these patterns and information to develop their own enterprise-wide risk management

Chapter 2

After analyzing the information gained from the five case-study companies, the authors formulated several lessons learned about ERM.  Each company believed it was creating, protecting, and enhancing value by managing enterprise-wide risks.  Below is a list of the lessons learned from the companies (see book for complete list).
Implementing ERM is different in every company because so much depends on the culture of the company and the change agents who lead the effort.

  • Companies should make a formal effort to identify all their significant risks.
  • Risks should be ranked on some scale that captures their importance, severity, or dollar amount. 
  • Risks should be ranked on some scale of frequency or probability.
  • Know your company’s and your shareholders’ appetite for risk.
  • Organizations should adopt an enterprise-wide view of risk management. 
  • Make risk consideration a part of the decision-making process.
  • One or more champions at the senior management level is a prerequisite for ERM.

The Case-Study Companies were:

  • Chase Manhattan Corp.
  • DuPont
  • Microsoft Corp.
  • United Grain Growers Ltd.
  • Unocal Corp.

Click to purchase the book.

Citation: Barton, T., Shenkir, W., & Walker, P. “Making Enterprise Risk Management Pay Off” The Internal Auditor. Dec. 31, 2001.

More From Enterprise Risk Management Initiative

Side of Hunt

What is Enterprise Risk Management (ERM)?
Executive Perspectives on Top Risks 2024

REPORT: Executive Perspectives on Top Risks for 2024 and a Decade Later
Elona Ruka-Wright

Integrating ERM with Other Risk and Assurance Functions