Sample Paper on Enterprise Risk Management

Enterprise Risk Management


Despite the efforts of entrepreneurs to ensure the profitability of their organizations or enterprises, various challenges stand in their way. In recent years, emphasis has been put on the elimination of these barriers to enhance successful organizational operations and profitability in the long run. All the barriers that prevent the achievement of organizational profitability are identified as risks. Some of the risks that enterprises and organizations may be exposed to include financial, operational, and strategic risks, among others. The measures that enterprise and organizational managements have come up with in a bid to manage these risks cannot be ignored, and this is where the concept of enterprise risk management (ERM) comes in. ERM refers to the planning, organization, leadership, and control of an organization’s or an enterprise’s activities with the aim of minimizing the negative implications that risks could have on the earnings and capital of such an organization (Nocco & Stulz, 2006). Today, most organizations have expanded the ERM process to cater not only for risks resulting from accidents but also for risks related to the financial, strategic, and operational issues of organizations. The implication of the expansion is that organizations and businesses have protected and created value for their stakeholders, including owners, regulators, customers, employees, and society (Nocco & Stulz, 2006).

The differences between Enterprise Risk Management and Traditional Risk Management

The inception of Enterprise Risk Management was a result of the traditional emphasis on the management of risks, not only in organizations but in every profit-making business. That is to say, traditional risk management differs from enterprise risk management in various ways. Arguably, in the modern business world, it is irrefutable that the traditional approaches used in the management of risks in various organizations do not adequately identify, evaluate, and manage risks. The jeopardy faced by organizations in terms of the inadequacy of the identification, evaluation, and management of risks has not only pulled organizations and enterprises backwards, but has also raised more questions than answers on the validity of the traditional risk management approaches in the modern entrepreneurial world. The debates on the same have identified some of the major differences between traditional risk management and enterprise risk management (Saunders et al., 2006).

To begin with, although some organizations still capitalize on the traditional approaches to risk management, these approaches are without doubt fragmented, and thus they treat organizational risks as disparate and compartmentalized; this is not advisable if an organization is on course to achieve its set goals and objectives (Saunders et al., 2006). Second, the difference between the two approaches is evident in the fact that traditional risk management’s focus is mainly on the management of uncertainties that revolve around the physical and financial assets of organizations, whereas ERM’s focus is not only on financial and physical assets but also on other risks such as operational, financial, strategic, compliance, reputational, and others (Saunders et al., 2006). In simpler terms, ERM’s diversification in the management of organizational risk is identifiable. Also, traditional risk management is seen to focus largely on the prevention of risks, and this is in contrast to ERM, which focuses on both the prevention of risks and the addition of value. With this perspective in mind, organizations’ avoidance of traditional risk management approaches is owed to the fact that they do not provide a holistic framework that is crucial for the redefinition of the risk management value proposition in the modern entrepreneurial world (Saunders et al., 2006).

Various risk classifications and how they are applied in organizations

The initiation of management and control of organizational activities prompts an analysis of the risks that an organization may be exposed to. The essentiality of risk classification in organizations is evident in the fact that it allows the expeditious mitigation of risks (Sadgrove, 2015). The classification of risks is based on various factors, one of which is how the risks impact a given organization. A common impact of organizational risks is that they result in uncertainty in profits or losses that could cause the failure of organizations or businesses. There are myriad risks classified on the basis of their impacts on organizations, and these include strategic, financial, operational, and compliance risks (Sadgrove, 2015). For strategic risks, their association with the operations of organizations or businesses results in uncertainty in profits or losses, and a failure to eradicate such risks could lead to the downfall of organizations or businesses (Sadgrove, 2015). Applied to an organizational perspective, strategic risks are evident during changes in supply and demand, during the emergence of competitive structures, and during the introduction of new technologies. Moreover, strategic risks in organizations are evident during the relocation of assets during mergers and acquisitions (Sadgrove, 2015).

Just like strategic risks, financial risks have negative impacts on the profitability of organizations. Their association with the financial structures and transactions of various organizations jeopardizes organizational profitability or leads to organizations recording losses, which, in the long term, result in the downfall or closure of organizations. Some of the financial risks in organizations or enterprises include insufficiency or unavailability of capital, mismanagement of funds, and the inequitable allocation of funds within organizations (Sadgrove, 2015). It is also notable that the operational and administrative procedures of various organizations are often strained, and this ends up affecting the expected organizational profitability. Such interference with the operational and administrative procedures of organizations causes operational risks. In organizations, operational risks crop up when there are disagreements or conflicts between managers and employees or when the available structures are inadequate to facilitate the smooth operation of organizations (Sadgrove, 2015). On the other hand, though not dominant, compliance risks, also known as legal risks, have in one way or another strained organizational efforts aimed at achieving set goals and objectives. Such risks are associated with the need to abide by the rules, regulations, and policies set by governments and other related authorities. Essentially, some of the compliance risks that organizations or businesses may be exposed to include tax evasion and failure to adhere to trade tariffs. Like the other risks mentioned before, compliance risks could lead to the failure, downfall, or closure of an organization by government authorities (Sadgrove, 2015). An illustration of the various types of business risks is as follows:

Fig 1: Types of business risks


Major values Enterprise Risk Management provides to organizations

Although several organizations have struggled with the implementation of ERM and the identification of how, and at what level, to initiate its integration, its values and significance to organizations are desirable. Today, managers of various organizations are in agreement that the integration of ERM is a prerequisite in the strive towards the achievement of success as well as the achievement of the set organizational goals and objectives. One of the major values of ERM to organizations is that it has led to the creation of a more risk-focused culture in various organizations (Lam, 2003). The argument is that there has been a cultural shift in various organizations or enterprises, and this has seen a focus on and discussion of risk at all levels. Without a doubt, the cultural shift has facilitated the efficient management of risks as seen in the modern entrepreneurial world. Second, the embrace of ERM by organizations and enterprises has resulted in the standardization of risk reporting, and this is a value of great importance in the entrepreneurial world (Lam, 2003). Today, the timeliness, conciseness, and flexibility of risk data cannot be compromised in business organizations. The implication is that there has been improved decision making when it comes to risk management in organizations and enterprises in the global business environment. The onset of this was the standardization of risk reporting, which would otherwise be absent had organizations failed to embrace ERM (Lam, 2003).

Also, a key value for organizations today that has resulted from the integration of ERM is the efficient use of resources (Lam, 2003). As articulated earlier, the inefficient use of resources by organizational stakeholders often leads to the emergence of operational risks. However, recent years have seen the elimination of such risks in various organizations, and this is evident in the allocation of the right amount of resources to various individuals and organizational departments thanks to the embrace of ERM. Moreover, ERM’s value to organizations and enterprises is evident in the effective coordination of regulatory and compliance matters. In simpler terms, through the initiation of ERM, financial statement auditors as well as regulatory examiners have channeled their efforts to the inquiry about and the use of monitoring and reporting data obtained from ERM programs initiated in organizations and enterprises. Another value, or rather a benefit, of ERM is that it has played an integral role in increasing the consistency and communication of risks within various organizations and enterprises. Expansively, with ERM, there is a provision of terminologies and conceptual frameworks for all stakeholders in organizations. This results in an improvement and enhancement of opportunities for communication and coordination among organizational stakeholders. Most importantly, ERM provides early warning indicators that help organizations eliminate potential business risks that could jeopardize profitability (Lam, 2003), which is the main objective of every business or profit-making organization. The achievement of this is illustrated when ERM enables organizational leaders and managements to identify potential events or risks to which they respond early enough (Lam, 2003).

Approaches for implementing Enterprise Risk Management

Once organizational managers come up with ideas and propositions of enterprise risk management, there is a need for its implementation. The main objective of ERM’s implementation in organizations is to facilitate the provision of reasonable assurance to organizational management boards that the set objectives and goals of organizations are achieved (Walker & Shenkir, 2008). Moreover, the embrace of ERM by organizations plays an integral role in building the confidence of the community and stakeholders in investing in various organizations. Amidst the myriad reasons for the implementation of ERM in organizations, the major concern remains the various approaches and ways used by organizations to facilitate the implementation of ERM. Essentially, one of the approaches that organizational leaders and managers should use in the implementation of ERM is the provision of education and training to business-unit managements (Walker & Shenkir, 2008). As a result, organizational managers, leaders, and other stakeholders will be equipped with the necessary knowledge and skills that will influence the smooth elimination of potential business risks in various organizations. Another key approach for the implementation of ERM in organizations is the identification of targeted benefits that are set to be achieved by the deployment of ERM (Walker & Shenkir, 2008). The identification of targeted benefits prompts the involved stakeholders to focus on and analyze specific business risks. Once implemented, the monitoring of ERM is a must-do for organizations. It is during the monitoring that various modifications are made, and this is often through various management activities and separate evaluations as directed by the organizational managements or leaders (Walker & Shenkir, 2008).

Business strategies employed by organizations in implementing ERM

Arguably, every organization has specific business strategies aimed at achieving the implementation of ERM. With a focus on higher education environments, it is notable that some of the risks that organizations in such an environment may be exposed to include financial, operating, strategic, regulatory, environmental, reputational, political, and other risks. The strategies used in the elimination of the mentioned risks vary from one organization to another. For instance, for the University of California, the embrace or implementation of ERM requires various business strategies such as an examination of the complete portfolio of risks, a consideration of how the individual risks at the organization interrelate, as well as a development of appropriate risk mitigation approaches that are crucial to addressing the risks in a manner that is consistent with the organization’s long-term strategy and the overall risk appetite. Similar strategies have formed part and parcel of the ERM implementation process in other organizations in the larger entrepreneurial world (Walker & Shenkir, 2008).



How organizations apply components of Strategic Risk Management

While focusing on ERM in organizations, its interrelated components cannot be ignored. The components are crucial for the development, existence, and profitability of various organizations. A major component of ERM is the internal environment, and this is the general culture, values, and the environment in which an organization operates (Dafikpaku, 2011). For most organizations, the internal environment determines the successful operation of organizational activities. Another component of ERM is risk response, and it influences or determines how the management of a particular organization will respond to the risks that it faces (Dafikpaku, 2011). Essentially, most organizations apply the component when trying to avoid, share, or mitigate a particular risk. Also, control activities are vital components of ERM. They play an integral role in the representation of policies and procedures that an institution or organization implements to address specific risks. Moreover, organizations capitalize on information and communication (Dafikpaku, 2011), which is a component of ERM, to ensure that the right information is communicated at the right time to the right individuals within the given organization. An organization’s failure to apply the various components of strategic risk management means that its effective operation and management will be compromised (Dafikpaku, 2011).

Resource allocation and benefits of Risk-based Capital Allocation

Resource allocation, as a key determiner of organizational success, cannot be ignored when focus is shifted to enterprise risk management. Undoubtedly, with efficient and effective resource allocation in organizations, enterprise risk management is easily achieved and implemented. Capital allocation is a type of resource allocation that, if done effectively, could play a role in the elimination of organizational financial risks. This type of resource allocation implies that capital is distributed to different business lines or portfolio elements, and its importance increases as more financial markets get more and more rigorously regulated. The benefit of a risk-based capital allocation is that the potential risks are coherently measured. Moreover, the performance of an organization in the entrepreneurial environment is significantly enhanced (Balog, 2010).


Balog, D. (2010). Risk based capital allocation. Proceedings of FIKUSZ’10, 17-26.

Dafikpaku, E. (2011, March). The strategic implications of enterprise risk management: a framework. In 2011 Enterprise Risk Management Symposium, Chicago, Illinois, USA.

Lam, J. (2003). Enterprise risk management: From incentives to controls. Hoboken, N.J.: J. Wiley.

Nocco, B. W., & Stulz, R. M. (2006). Enterprise risk management: theory and practice. Journal of Applied Corporate Finance, 18(4), 8-20.

Sadgrove, M. K. (2015). The complete guide to business risk management. Ashgate Publishing, Ltd.

Saunders, A., Cornett, M. M., & McGraw, P. A. (2006). Financial institutions management: A risk management approach (Vol. 8). McGraw-Hill/Irwin.

Walker, P. L., & Shenkir, W. G. (2008). Implementing enterprise risk management. Journal of Accountancy, 205(3), 31.