One of the core concepts of insurance is risk management. The Institutes define risk management as “the process of making and implementing decisions that will minimize the adverse effects of accidental losses on an organization.”[i] Insurance professionals regularly use risk management tools to identify, analyze, and manage risks. In recent years, another approach to risk management has gained greater attention and use. This approach is known as enterprise risk management or (ERM). This article will discuss what enterprise risk management is, why it is becoming more prevalent, how it differs from risk management, and the benefits and impediments of utilizing an enterprise risk management framework.

Enterprise risk management (ERM) can be defined as “An approach to managing all of an organization’s key business risks and opportunities with the intent of maximizing shareholder value.”[i] In other words, an ERM approach can be utilized to address a wide range of critical organizational risks; simultaneously, ERM is focused on not just managing or mitigating risk, but adding benefits to organizations. ERM has taken on greater importance in the aftermath of the financial crisis of 2008. In particular, the Dodd-Frank Act, which was passed in 2010, requires certain financial firms to form risk committees that will be responsible for the oversight of enterprise risk management practices.[i] This legislation has encouraged the use and implementation of ERM among both large and smaller firms in the United States.

There are distinct differences between ERM and traditional risk management. In contrast to ERM, “traditional risk management is concerned with an organization’s pure risk, primarily hazard risk.”[i] Pure risk can be defined as either the chance of loss or no loss; risk management addresses the chance of loss, but not of the chance of gain.

ERM includes speculative risk, or a chance of loss, no loss, or gain, as well as pure risk. Simply put, ERM also focuses on ways an organization can generate value in the process of addressing risk and not just the chance of loss. ERM involves “managing all of an organization’s risks to help an organization meet its objectives.”[i] ERM is focused not just on the risk of loss, but on ways to create value for an organization.

Enterprise risk management can serve to enhance business performance in a number of ways. First, ERM can improve credit ratings. Financial rating firms such as Moody’s and S&P “evaluate an organization’s management of enterprise risk when developing ratings.”[i] ERM can also reduce earnings volatility. “Research after the global financial crisis of 2008 finds that organizations that implemented ERM saw reductions in earnings volatility”[i] Because ERM is focused not only on the risk of loss but on creating benefits, it allows firms to seize opportunities “through the recognition of activities or products that may have both positive and negative potential.”[i]

There are challenges to successfully implementing enterprise risk management. In order for ERM to succeed, “management needs information on all organizational risks in a timely and concise manner”[i] and gaining this level of insight is not easy, even if a company implements software systems to identify and collect this information! In addition, a corporation’s culture, and even office politics may impede using an ERM approach.

Different departments, and executives, maybe skeptical about using ERM and can ultimately weaken the effectiveness of ERM. It requires buy-in, and continued support, from senior management at a corporation.

In closing, enterprise risk management (ERM) is an approach to managing risks that is somewhat broader than traditional risk management. Not only does it address pure risk, or the chance of loss, but it also addresses a very wide spectrum of risks. The successful deployment of enterprise risk management strategies can also help to create value for organizations. Successfully utilizing ERM requires a lot of information in real time. And there can be cultural and political challenges to effectively implementing an ERM approach.

Even so, under the right circumstances, organizations can benefit from using enterprise risk management methodologies in handling their risks.


[i] Elliott, Michael W. “Enterprise Risk Management” The Institutes 1st Edition (pp. 1.3, 1.7, 1.18, 1.26, 7.23) 2015.

Copyright © 2018 Central Mutual Insurance Company. All rights reserved.

One response to “Enterprise Risk Management: An Alternative Approach to Managing Risk”

  1. awesome post thanks for sharing

Leave a Reply

Blog at

%d bloggers like this: