Enterprise risk management (ERM) is a methodology that looks at risk management strategically from the perspective of the entire firm or organisation. It is a top-down strategy that aims to identify, assess, and prepare for potential losses, dangers, hazards, and other potentials for harm that may interfere with an organisation’s operations and objectives and/or lead to losses.
ERM takes a holistic approach and requires management-level decision-making from an organisation-wide perspective.
ERM not only calls for organisations to identify all the risks they face and to decide which ones to actively manage, it allows top managers to make executive decisions optimised for the organisation as a whole rather than focusing on specific business units or teams.
It also often involves making the risk plan of action available to all stakeholders as part of an annual report. Industries as varied as aviation, construction, public health, international development, energy, finance, and insurance all have shifted to ERM.