The Purpose of Risk Management in Healthcare
Key Takeaways Medical errors remain the third leading cause of death in the United … Read more
Enterprise risk management (ERM) is the discipline of identifying, assessing, and treating the full portfolio of risks that could prevent an organization from meeting its strategic objectives — financial, operational, strategic, compliance, and emerging risks alike. Unlike siloed risk functions, ERM gives boards and executives a single, integrated view of exposure so capital, controls, and management attention can be allocated where they move the needle most.
A mature ERM programme rests on three foundations. First, a governance framework — typically ISO 31000 or COSO ERM — that defines roles, escalation paths, and the three lines of defence. Second, a clear risk appetite statement that translates board tolerance into quantitative limits business units can actually manage against. Third, a repeatable risk management lifecycle covering identification, assessment, treatment, monitoring, and reporting.
Operationally, ERM depends on disciplined risk assessment — inherent vs residual scoring, control effectiveness testing, and scenario analysis — to keep the risk register honest. It also connects to sibling disciplines: business continuity management covers how the organisation survives disruption, information security management handles cyber and data risks, and governance, risk, and compliance (GRC) integrates the tooling and reporting that sits above all three.
Use this hub to explore frameworks, practitioner templates, certification guides (CRISC, FRM, PRM), and software comparisons. Whether you’re stood up a new ERM function or maturing an existing one, the resources below cover the methods, metrics, and reporting practices used by risk teams across financial services, healthcare, technology, and the public sector.
Risk Insured: What Every Organization Needs to Know
On January 7, 2025, the Palisades Fire ignited in Los Angeles County. Within 48 … Read more
Risk Matrix: What It Is and When to Use One
In March 2024, a mid-sized US hospital system discovered that its network had been … Read more
When Should You Conduct Risk Assessments?
A single undetected risk cost Optus 10 million customer records and AUD 140 million … Read more
Mitigate Any Risk: A Complete Guide to Risk Mitigation Strategies
Key Takeaways Global cybercrime damages reached $10.5 trillion annually in 2025, making structured risk … Read more
Risk Definition & Meaning: A Practitioner’s Guide
Risk definition is the foundation of every effective risk management program — and the … Read more
A Complete Guide to the Risk Assessment Process
Key Takeaways Risk assessment is a structured, repeatable cycle of identification, analysis, evaluation, treatment, … Read more
What Is Risk Management? The Complete Guide to Protecting Your Organization in 2026
What Is Risk Management? A Clear Definition Risk management is the structured process of … Read more
How to Monitor Risk in 7 Steps: A Guide for Risk Managers
Key Takeaways Risk monitoring is not a milestone — it is a continuous discipline … Read more
How to Write a Good Risk Statement: A Practitioner Guide
During an annual board risk review at a mid-size healthcare provider, the Chief Risk … Read more
Risk Score: What It Is and How to Enable It
A cybersecurity team at a regional bank discovered a critical vulnerability in their online … Read more
Risk Measurement: A 2026 Practitioner’s Guide to Methods, Sources, and Tools
On May 8, 2024, Ascension Health, one of the largest US hospital systems, took … Read more