Climbing the ERM Tree
Enterprise risk management (ERM) can take many forms. Understanding its history and complexity can help risk managers create better programs.
By John Bugalla, Barry Franklin, and Corey Gooch
Risk Management
May 2010
Enterprise risk management (ERM) emerged from the fundamental roots of risk management itself: preserve assets, protect people, and comply with laws and regulations. And like a young tree, ERM has developed a strong trunk with several distinct branches, each representing a different approach.
There are three primary reasons why ERM has developed so many branches. First, there is no standard definition of ERM. Instead, there are a variety of national and global standards, which have led to much confusion over what exactly the discipline of ERM means.
Second, the marketing of ERM by professional service firms tends to mirror the services that those firms are selling. Accountants, insurance brokers and consultants craft their ERM approaches around their specific agendas, in effect creating more branches on the tree.
Third, how ERM is developed within organizations is largely dependent upon where it has been implemented (or where the ERM seed fell, if you will). For instance, the practice of ERM could be rooted in compliance, risk or value creation depending on where it is "owned" within the organization.
So although these branches all come from a common trunk, the diversity of perspectives has made ERM implementation more daunting. In this article, authors John Bugalla, Barry Franklin, and Corey Gooch explore the rationale behind these approaches and how to use that understanding to cultivate an effective ERM program.

