The full form of ERM is Enterprise Risk Management.

Enterprise risk management (ERM) is a plan-based business strategy that aims to identify, assess, and prepare for any dangers, hazards, and other potentials for disaster—both physical and figurative—that may interfere with an organization’s operations and objectives.

The discipline not only calls for corporations to identify all the risks they face and to decide which risks to manage actively, but it also involves making that plan of action available to all stakeholders, shareholders and potential investors, as part of their annual reports. Industries as varied as aviation, construction, public health, international development, energy, finance, and insurance all utilize ERM.

Companies have been managing risk for years. Historically, they’ve done this by buying insurance: property insurance for literal, detrimental losses due to fires, thefts, and natural disasters; and liability insurance and malpractice insurance to deal with lawsuits and claims of damage, loss, or injury. But another key element in ERM is a business risk—that is, obstacles associated with technology (particularly technological failures), company supply chains, and expansion—and the costs and financing of the same.

More recently, companies have managed such risks through the capital markets with derivative instruments that help them manage the ups and downs of moment-to-moment movements in currencies, interest rates, commodity prices, and equities. From a mathematical point of view, all of these risks or “exposures” have been reasonably easy to measure, with resulting profits and losses going straight to the bottom line.

KEY TAKEAWAYS