What is Enterprise Risk Management?

The Committee of Sponsoring Organizations of the Treadway Commission adopts this definition of Enterprise Risk Management:

Enterprise risk management is a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.

The definition reflects certain fundamental concepts. Enterprise risk management is:
• A process, ongoing and flowing through an entity
• Effected by people at every level of an organization
• Applied in strategy setting
• Applied across the enterprise, at every level and unit, and includes taking an entity level portfolio view of risk
• Designed to identify potential events that, if they occur, will affect the entity and to manage risk within its risk appetite
• Able to provide reasonable assurance to an entity’s management and board of directors
• Geared to ac

You can find that definition in the Enterprise Risk Management – Integrated Framework Executive Summary (.pdf) by the Committee of Sponsoring Organizations of the Treadway Commission.