Enterprise risk stands unique among risk management categories as arguably the most holistic approach. Where traditional risk management typically divvies up risk by specific areas of threat defined by industry, such as technology, finance, product distribution, etcetera, enterprise risk management (“ERM”) as a strategy aims to examine the whole of an organization as more than the mere sum of its parts. It can be described in some ways as a “bird’s eye view” approach to risk management, a zoomed out perspective from which a company’s key decision makers have the opportunity to spot connections between intersecting areas that might not be otherwise visible within siloed divisions of traditional risk management departments. 




As in all forms of risk management, the crux of ERM lies in shedding light on unknowns, and hence averting future difficulty in favor of more positive outcomes and opportunities. Mitch Lucas of Finastra claims that “beyond regulatory compliance, effective ERM strategies lead to informed operating decisions and stronger performance” (Mitch Lucas, Finastra). He proceeds to point out that this more holistic approach to risk management allows decision makers - by predicting and avoiding future pitfalls - to ensure generally smoother operations as a whole. 


Maria Korolov of CSO Online corroborates Lucas’ point, writing that “Enterprise risk management (ERM) is the process of assessing risks to identify both threats to a company’s financial well-being and opportunities in the market. The goal of an ERM program is to understand an organization's tolerance for risk, categorize it, and quantify it.” (Maria Korolov, CSO.) 


Moreover,  much of ERM’s appeal lies in its ability to get ahead of -- and stay ahead of -- both future problems and potential future boons. That emphasis on big picture analysis -- leaving nothing out of the risk narrative, while still focusing on the most salient points of information -- is, in many ways, the true calling card of ERM. A good ERM strategy is, by definition, proactive rather than reactive.




The approach to risk management in the form of ERM is, in many ways, the natural evolution of traditional risk management models. It is worth noting that ERM does not, arguably, exist in direct opposition to the principles of traditional risk management. On the contrary, it aims to strengthen the most useful and productive elements of traditional risk management, while shortcutting inefficiencies and eliminating the more problematic practices. Where traditional risk management models tend to dive deep into the nitty gritty particularities of their designated arena without giving due consideration to alternate approaches or areas of risk, the well-considered ERM strategy strives to unite the combined depth of understanding provided by multiple traditional risk management specialists. At the same time, the same ERM strategy aims to do away with the blind spots often found in more siloed approaches to risk management, so that risk can be considered and assessed as a whole, rather than in a multitude of separately examined parts. 


Thomas Stanton of Johns Hopkins University points out that ERM aims to articulate and address the most pressing risks present in an industry - to put the bottom line first, essentially, rather than creating more busy work or drowning an organization in too much information to be useful (Thomas Stanton, TEDX Talks). Laurie Brooks -- the former Chief Risk Officer at Public Services Enterprises Group and current board director at Provident Financial Services -- offers similar sentiments, explaining that by viewing risk profiles in a more holistic manner, utilizing “both the bottom-up and top-to-bottom perspectives,” company decision makers better equip themselves to understand what risks truly demand attention, and what degree of monitoring is necessary. (Laurie Brooks, North Carolina State University Library) 




The customer benefits of ERM are manifold, resulting in greater predictability of future events in an industry, lower incidences of unpleasant surprises, and generally smoother operations for the company itself. In particular, with the domino effects of increasing dependence and innovations in technology and cyber-driven solutions across multiple industries, ERM platforms stand to benefit from automation and artificial intelligence. In particular, they may prove key to averting a bevy of cybersecurity threats. Maria Korolov writes, “Risks posed by the cybersecurity threat landscape are increasingly part of the ERM equation, and that poses a challenge for CISOs and other senior security professionals. Quantifying the business impact of a cybersecurity event is a very difficult, if not impossible task, and quantifying the likelihood of such an event is even harder” (Maria Korolov, CSO). She notes, however, that in some companies that have implemented ERM solutions, dealing with cybersecurity threats have simply become a part of bread and butter operational risk management. She quotes Andrew Morrison, who heads up a division of cyber risk services at Deloitte, who emphasizes that the majority of business organizations now agree that “cybersecurity is not a problem to be solved but a risk to be managed.” 




In addition to giving company decision makers an edge over cyber security threats, a strong, technologically sound ERM platform can also serve as an effective method of streamlining and automating analytic processes that might otherwise consume hundreds of hours. In this regard, the use of artificial intelligence (“AI”) in combination with ERM is key. While AI by no means serves as a replacement for human decision makers in risk management, it does become a powerful tool in the hands of the knowledgeable risk analyst. 


In particular, a machine learning enabled ERM platform can prove itself a remarkably helpful aid in navigating the world of big data and information curation as a whole. What previously may have seemed an incomprehensible overabundance of data can be narrowed down to what is immediately useful to decision makers.  Moreover, patterns and trends that might not have otherwise been noticed will be more easily detected and made obvious. A good AI-driven ERM platform will, in other words, allow for significant ease in the curation of data, and as a result, more freedom to pursue lucrative business opportunities unbound by the shackles of significant risk. This speaks to the ultimate aim of ERM, which at the end of the day, is to better illuminate the unknown.