Geopolitical Risk Assessment: How to Analyze, Monitor, and Mitigate Geopolitical Threats to Your Business
On February 20, 2026, the US Supreme Court ruled 6-3 in Learning Resources Inc. … Read more
Enterprise risk management (ERM) is the discipline of identifying, assessing, and treating the full portfolio of risks that could prevent an organization from meeting its strategic objectives — financial, operational, strategic, compliance, and emerging risks alike. Unlike siloed risk functions, ERM gives boards and executives a single, integrated view of exposure so capital, controls, and management attention can be allocated where they move the needle most.
A mature ERM programme rests on three foundations. First, a governance framework — typically ISO 31000 or COSO ERM — that defines roles, escalation paths, and the three lines of defence. Second, a clear risk appetite statement that translates board tolerance into quantitative limits business units can actually manage against. Third, a repeatable risk management lifecycle covering identification, assessment, treatment, monitoring, and reporting.
Operationally, ERM depends on disciplined risk assessment — inherent vs residual scoring, control effectiveness testing, and scenario analysis — to keep the risk register honest. It also connects to sibling disciplines: business continuity management covers how the organisation survives disruption, information security management handles cyber and data risks, and governance, risk, and compliance (GRC) integrates the tooling and reporting that sits above all three.
Use this hub to explore frameworks, practitioner templates, certification guides (CRISC, FRM, PRM), and software comparisons. Whether you’re standing up a new ERM function or maturing an existing one, the resources below cover the methods, metrics, and reporting practices used by risk teams across financial services, healthcare, technology, and the public sector.
Here is a number that should keep every risk professional awake: $10.22 million. That … Read more
Ask ten risk professionals to define “risk appetite” and you’ll get twelve different answers. … Read more
If you’ve ever sat in a risk committee meeting where someone asked “what are … Read more
What Is CRAMM? Start Here CRAMM stands for CCTA Risk Analysis and Management Method. … Read more
Why the Spiral Model Puts Risk at the Center — Not the Margins Most … Read more
What Is NUDD? The Short Answer (and Why It Matters) NUDD is a hazard … Read more
The 2008 financial crisis did not sneak up on anyone who was paying close … Read more
Most software projects fail quietly. They don’t explode on day one. They drift. Requirements … Read more
A practical guide for crypto founders, COOs, and risk managers on identifying single points … Read more
A practical guide for risk managers, institutional investors, and compliance professionals navigating the fast-evolving … Read more
In early 2025, the Bybit exchange lost $1.5 billion in Ethereum during a transfer … Read more