Developing an Effective Enterprise Risk Management Program

Enterprise Risk Management (ERM) programs are being implemented more and more often, especially given the marked increase in scandals and operational disasters at larger companies and not-for-profits, most of which can be linked to the lack of an effective ERM program. According to a report by, out of the three top risks cited by corporate directors, reputational risk was mentioned as being of the most concern, followed by compliance risk and technology risk.

When talking about risk management, the purpose of an effective ERM program is to:

  • Identify where the risk might be within a company’s operations.
  • Determine exactly what that risk is and the factors involved.
  • Manage that risk once found using efficient and effective methods.
  • Mitigate the amount of damage the risk might potentially cause.

All of this, of course, must be based on a company’s risk tolerance. When implementing an effective ERM program, businesses should focus on three key principles:

  • Talented people to put into practice the strategies developed to handle risk.
  • Effective strategies that reduce or eliminate any risk found.
  • A good structure of communication between all entities and areas of a company, from the top down.

The best way to implement a successful ERM program is to have the involvement, understanding, and support of a company’s board and senior executives. This will ensure that everyone within the company is on the same page with regard to risk management and how much risk, as a whole, the company is willing to take.

Without the total support of top executives, and unless it falls in line with the “total” company stance on risk management, an ERM program will not be as effective as it could be. When top executives make risk management a top priority, it becomes of utmost importance company-wide, and so is more readily accepted and easier to implement.
