Enterprise Risk Management is a relatively young discipline, and there is no universal agreement on what it really consists of. Some of the academic literature simply assumes a definition. Authors don’t bother to state it, and yet the actual practice of what people call ERM is varied.
I want to critique some of the definitions of Enterprise Risk Management that have currency in management discourse, and then propose my own definition of ERM. Standards such as ISO or AS/NZS 4360 do not define or even contain the term Enterprise Risk Management. But they do consistently define risk itself as being associated with the organization’s goals and objectives.