Enterprise risk management (ERM) is the process of planning, organizing, leading, and controlling the activities of an organization in order to minimize the effects of risk on an organization's capital and earnings. Enterprise risk management expands the process to include not just risks associated with accidental losses, but also financial, strategic, operational, and other risks.
In recent years, external factors have fueled a heightened interest by organizations in ERM. Industry and government regulatory bodies, as well as investors, have begun to scrutinize companies' risk-management policies and procedures. In an increasing number of industries, boards of directors are required to review and report on the adequacy of risk-management processes in the organizations they administer.
Since they thrive on the business of risk, financial institutions are good examples of companies that can benefit from effective ERM. Their success depends on striking a balance between enhancing profits and managing risk.
Business risk management, holistic risk management, and strategic risk management are synonyms.