Enterprise risk management (ERM) in business includes the methods and processes used by organizations to manage risks and seize opportunities related to the achievement of their objectives. ERM provides a framework for risk management, which typically involves identifying particular events or circumstances relevant to the organization's objectives (risks and opportunities), assessing them in terms of likelihood and magnitude of impact, determining a response strategy, and monitoring progress. By identifying and proactively addressing risks and opportunities, business enterprises protect and create value for their stakeholders, including owners, employees, customers, regulators, and society overall. (ERM)

ERM can also be described as a risk-based approach to managing an enterprise, integrating concepts of internal control, the Sarbanes–Oxley Act, and strategic planning. ERM is evolving to address the needs of various stakeholders, who want to understand the broad spectrum of risks facing complex organizations to ensure they are appropriately managed. Regulators and debt rating agencies have increased their scrutiny on the risk management processes of companies.

The effective introduction, implementation and embedding of risk management systems within an organization’s own strategic and operational decision making processes is essential for an organization’s success. ICG member firms have professionals who specialize in enterprise risk management and can provide the following services and solutions:

Risk Management Policy & Strategy

As the culture of understanding and embracing risk management increases, so do the expectation and requirement for organizations to adopt appropriate policies and strategies. Our member firms can assess your operations and controls to help you determine your organizational risk appetite and maturity, introduce a risk management framework and understand the risks your organization is facing. They can prepare a risk management strategy with policies covering your people, your computers and information systems and internal control procedures and security.

Risk Awareness Training

If a risk management strategy is to be truly successful, organizations must embed a risk management philosophy throughout the organization. Consequently, board members and senior management must understand and buy into risk management to drive forward a risk enabled organization. As risks start to be devolved and managed at departmental and divisional levels it is imperative that all those involved in the process are fully trained on what is expected of them. The risk management specialists within ICG member firms can provide management training to meet the specific needs of your organization.

Risk Identification & Evaluation

Organizations are increasingly being expected to demonstrate that they have effectively evaluated the risks they are exposed to and have put into place appropriate controls to try to prevent the ‘worse case’ scenarios becoming a reality. Our member firms will work with you to identify the risks you face and evaluate their potential threat to your organization. Areas covered include your staff, internal systems, technology and security.