
Putting enterprise risk management into practice

What is enterprise risk management?

Enterprise risk management (ERM) involves identifying and addressing potential risks a large company or organization might experience. It can include threats to everyday operations and roadblocks that could keep organizations from achieving their long-term objectives.

Because ERM focuses on the overall business or enterprise, it typically involves big-picture judgments. In other words, the strategies address the well-being of the entire organization, but decisions might be detrimental to a specific department within the company. For example, automating bookkeeping systems may reduce human error and eliminate the danger of financial reporting compliance failures. However, if hacked, this software could cause plenty of stress for the accounting department.

This example illustrates a trend in ERM. Professionals with a background in cybersecurity, IT or a related technological field are in demand, as they can reduce errors, minimize risk and help companies define and manage potential danger areas. Tech has become so ingrained in today’s corporations that it often becomes part of the risk-mitigation effort. With problems like data breaches, ransomware, and network or computer system issues that can cause work stoppages, IT risk management is often a primary focus of ERM plans.

Here’s a closer look at modern enterprise risk management, how it affects business operations and how specialists can help companies improve their ERM processes. 

What makes enterprise risk management different from traditional risk management?

There are differences between traditional risk management and ERM. Conventional risk management has a modular focus. It seeks to define risks for specific divisions or processes and then deal with each threat separately.

ERM brings a holistic risk management approach to the company or organization. This methodology requires decision-makers and stakeholders to consider all risks at once and assess how they affect one another as well as whether dangers will impact the company’s big-picture plans.

The ultimate goal of ERM is to manage the dangers that could affect the long-term growth and prosperity of the entire company — not just a specific department or business process. This allows a company to address both existing and potential risks proactively. Also, the emphasis on overall goals makes it easier to plan strategically so that problems, when they do arise, don’t negatively impact progress.

Finally, while conventional risk management strategies for corporations tend to integrate insurance coverage, enterprise risk management includes uninsurable risks. For example, ERM strategies can include plans for dealing with bad PR from a data breach or defective product. Though insurance can provide compensation for any damage claims, it does not cover damage to the company’s reputation, which could suffer significantly from negative press coverage.

Why is risk management important?

Risk management allows a company to plan for unexpected events and identify potential problems before they stop a project or process.

Problems are inevitable, especially in a large enterprise with many moving parts. These simultaneous operations depend on one another. For example, a manufacturing department can’t function at full capacity unless the logistics department can deliver the proper materials.

The sales department, in turn, can’t deliver products on time if the manufacturing is delayed. Meanwhile, the corporation will have to pay operational costs and employee wages even though everything has slowed or even stopped in these departments.

Enterprise risk management focuses on proactively dealing with these vital operational issues so they don’t cause a complete shutdown.

For example, one solution for the manufacturing supply shortage could be keeping a backstock of inventory. Or the company might consider working with multiple suppliers or trucking companies in case one can’t deliver on time.

ERM also helps companies deal with the unforeseen. Some disasters, such as the COVID-19 pandemic, are difficult to predict. Even companies that saw the virus coming had no way of knowing how severe it would be or how governments would respond.

In such cases, ERM requires a disaster recovery plan, which outlines steps to get operations back online and limit downtime. While problems like COVID-19 are rare, natural disasters like storms, earthquakes, fires and floods happen more frequently. 

What factors are considered in enterprise risk management?

Enterprise risk management methodology involves identifying, assessing, tracking and addressing the dangers associated with running a corporation or organization. This typically means evaluating risks that come from several different areas.

Unexpected and unpredictable dangers, such as natural disasters, are one important area of risk for organizations to consider.

Bad actors are another danger. Not only does ERM seek to mitigate risks that criminals pose, but it can also help address problematic internal activities, such as fraud by employees or executives.

Liability risks are also important for companies. These can include malpractice, faulty products or services, harm to workers on the job, and failure to comply with relevant laws. Companies typically rely on insurance to deal with liability issues. However, ERM strategies can also include internal checks, quality controls, and automated record-keeping and documentation that help limit problems.

ERM can even address the risk of not taking action. For example, suppose auto companies decide to invest in electric car research and development. In that case, it could be a risk for one brand to ignore this possible trend and continue to focus on producing traditional fossil-fuel-powered cars. The risk is that they will fall behind their competitors and require years of product development to catch up.

The role of cybersecurity in risk management

Cybersecurity is a growing concern and has therefore become a major focus of enterprise risk management professionals. Cybersecurity breaches can be expensive and can significantly damage a company’s image. This is especially true of firms that maintain databases containing sensitive customer information.

The other risk factor with cyber operations is work stoppages due to poor network performance or ransomware attacks. With so many processes requiring a network connection and IT infrastructure, an issue with a company’s computer systems or servers can cause major damage — not just in terms of liability but in terms of the ability to continue operations. 

Cybersecurity education at University of Phoenix

Whether you’re seeking to gain a basic understanding of cybersecurity or you’re a working professional looking to expand your skill set, University of Phoenix offers online course collections and bachelor’s and master’s degrees in cybersecurity.

  • Certified Ethical Hacker Course Collection: This course collection can help you prepare to sit for the EC-Council Certified Ethical Hacker (CEH) certification exam. Topics include the phases of ethical hacking, recognizing weaknesses and vulnerabilities of a system, social engineering, IoT threats, risk mitigation and more.
  • Certified Incident Handler Course Collection: This course collection can help you prepare to sit for the EC-Council Certified Incident Handler (ECIH) certification exam. This specialist certification focuses on how to effectively handle security breaches once they have occurred. 
  • Certified Network Defender Course Collection: This course collection can help you prepare to sit for the entry-level EC-Council Certified Network Defender (CND) certification exam. Courses focus on protecting a network from security breaches before they happen.
  • Computer Hacking Forensics Investigator Course Collection: This course collection can help you prepare to sit for the EC-Council Computer Hacking Forensics Investigator (CHFI) certification exam. You’ll learn about the latest technologies, tools and methodologies in digital forensics, including dark web, IoT, malware, the cloud and data forensics.
  • Bachelor of Science in Cybersecurity: This online program teaches skills such as security policies, network security, cybersecurity and more.
  • Master of Science in Cybersecurity: This online program explores such skills and topics as cybersecurity, security policies and network vulnerability in depth.

ABOUT THE AUTHOR

A graduate of Johns Hopkins University and its Writing Seminars program and winner of the Stephen A. Dixon Literary Prize, Michael Feder brings an eye for detail and a passion for research to every article he writes. His academic and professional background includes experience in marketing, content development, script writing and SEO. Today, he works as a multimedia specialist at University of Phoenix where he covers a variety of topics ranging from healthcare to IT.


ABOUT THE REVIEWER

Currently Dean of the College of Business and Information Technology, Kathryn Uhles has served University of Phoenix in a variety of roles since 2006. Prior to joining University of Phoenix, Kathryn taught fifth grade to underprivileged youth in Phoenix.


This article has been vetted by University of Phoenix's editorial advisory committee. 
