Enterprise risk management
From ACT Wiki
(ERM).
Enterprise risk management is the process of analysing and managing risk at the level of the business enterprise as a whole.
- Four co-ordinated stages
- Enterprise risk management establishes co-ordinated risk management objectives with clear links to both the firm’s business strategy and to investor expectations. Using an ERM approach, all managers in the firm become risk managers and indeed risk management could be viewed as simply ‘management’. The treasurer’s speciality is managing financial risk, but crucially as part of the management team.
- A very useful way to view enterprise risk management is to recognise four stages in reaching an approach to risk.
- Firstly, risk tolerance represents the amount of risk that the firm can actually bear. This could be represented by its capital, or by an amount of capital above a base amount of capital that cannot be put at risk.
- Secondly, risk appetite is the amount of risk that is actually desired. This might be seen in relation to the return sought by investors. Remember that reward is really only gained by taking risks, so limiting risk will limit reward.
- Thirdly, risk appetite leads naturally to risk budgeting, which is a way of setting out where risks in a firm should be taken. In treasury terms, we might see that if much risk is taken in the business model, then we need a very conservative approach in treasury.
- Finally this is documented in risk policy.
- The Treasurer's Wiki, Guide to risk management.