Inherent Risk vs Residual Risk: How to Measure, Score, and Report Both
If your CFO asked you right now whether your controls are actually reducing risk … Read more
Enterprise risk management (ERM) is the discipline of identifying, assessing, and treating the full portfolio of risks that could prevent an organization from meeting its strategic objectives — financial, operational, strategic, compliance, and emerging risks alike. Unlike siloed risk functions, ERM gives boards and executives a single, integrated view of exposure so capital, controls, and management attention can be allocated where they move the needle most.
A mature ERM programme rests on three foundations. First, a governance framework — typically ISO 31000 or COSO ERM — that defines roles, escalation paths, and the three lines of defence. Second, a clear risk appetite statement that translates board tolerance into quantitative limits business units can actually manage against. Third, a repeatable risk management lifecycle covering identification, assessment, treatment, monitoring, and reporting.
Operationally, ERM depends on disciplined risk assessment — inherent vs residual scoring, control effectiveness testing, and scenario analysis — to keep the risk register honest. It also connects to sibling disciplines: business continuity management covers how the organisation survives disruption, information security management handles cyber and data risks, and governance, risk, and compliance (GRC) integrates the tooling and reporting that sits above all three.
Use this hub to explore frameworks, practitioner templates, certification guides (CRISC, FRM, PRM), and software comparisons. Whether you’re stood up a new ERM function or maturing an existing one, the resources below cover the methods, metrics, and reporting practices used by risk teams across financial services, healthcare, technology, and the public sector.
Risk Appetite Statement Examples: 10 Real-World Templates Across Industries
When Silicon Valley Bank collapsed in March 2023, post-mortem analyses revealed a finding that … Read more
Risk Management Policy Template: How to Write and Implement One
When Wells Fargo’s cross-selling scandal erupted in 2016, exposing millions of fraudulent customer accounts … Read more
Nature and Biodiversity Risk: TNFD Framework Practitioner Guide
Nature and biodiversity risk is reshaping how financial institutions evaluate their portfolios. When Banco … Read more
Climate Transition Risk Assessment: Physical and Transition Risk Under TCFD
When Pacific Gas & Electric filed for Chapter 11 bankruptcy in January 2019, its … Read more
Algorithmic Bias Risk: How Risk Managers Should Assess AI Fairness
In October 2024, the Consumer Financial Protection Bureau fined Goldman Sachs $45 million over … Read more
Risk Management in Pharmaceutical Companies: FDA, EHS, and Clinical Risk
Risk management in pharmaceutical companies is essential for protecting patient safety, ensuring FDA compliance, … Read more
Risk Management for Private Equity: Due Diligence, Portfolio Risk, and ERM
Risk management for private equity is essential for protecting portfolio value and meeting regulatory … Read more
Energy Sector Risk Management: NERC CIP, Operational Resilience, and Climate
On February 2021, Winter Storm Uri brought the Texas power grid within four minutes … Read more
Healthcare Risk Management Framework: HIPAA, Patient Safety, and ERM
In September 2024, Change Healthcare, a subsidiary of UnitedHealth Group, confirmed that a ransomware … Read more
FTC Safeguards Rule Compliance: Risk and Security Requirements
FTC Safeguards Rule Compliance is a critical obligation for financial institutions, and recent enforcement … Read more
CMMC 2.0 Compliance for Defense Contractors: Risk Management Guide
CMMC 2.0 compliance for defense contractors is now a top priority across the Defense … Read more