Time to get into my recommended ERM process! Let’s start with practical definitions of Enterprise Risk Management and High Quality Risk Assessment. These definitions are rooted in the international standards (ISO 31000, COSO, AS/NZ 4360) but are not copied: they reflect a precise method finely honed over years with clients.

Show Notes



In prior episodes, I devoted time to critiquing what I take to be some of the misconceptions in the field of Enterprise Risk Management. I explained, at least in part, what may have caused them, and highlighted the extraordinary need for good risk management that faces us today, even though difficulties in implementation, linking to strategy and proving value still persist.

With that as background, let’s start to look into my recommended ERM process. We won’t have time to discuss the whole implementation, of course, but we can begin with some practical and descriptive definitions.

Main points

Should I just give definitions or discuss rationale behind them?

I think it’s important to tell you the “why”, the rationale, because our preferred approach to ERM is a conscious one that does not accept advice uncritically.

Definitions: rationale and approach

- rationale for creating my own definitions

- does a risk management technique reach ultimate truth? 

- principle

- authoritative 

Definition 1. Enterprise Risk Management

What is the significance of the elements in the definition?

Must risk sub-disciplines or sub-frameworks use High Quality Risk Assessment?

The points that I’m insisting on really are points pertinent to quality, rather than additional administrative burden.

Definition 2. High Quality Risk Assessment.

How to operationalize this practice, as indicated by the elements in the definition.

Significance of High Quality Risk Assessment process

This is the essential practice in an ERM regime. Start with this, because if you don’t get this right, there’s really no point in continuing with ERM. But when the High Quality Risk Assessment Process is finely honed, it starts to enable incisive analysis of complex problems.

Summary: what have we accomplished today? We considered:

1. a working definition of Enterprise Risk Management

2. the risk ID and assessment method called High Quality Risk Assessment 

3. the necessity to develop and refine your risk ID and assessment process

4. the planning practice

In our next podcast episode, we will look closely at how to conduct High Quality Risk Assessment, and see why the details of the process are so important to guarantee the quality -- to make the magic happen -- in your risk identification and assessment process.

“One key message here is: do not fall into the trap of trying to lead a risk ID session, much less implement an entire ERM program, where goals and objectives are poorly defined.” (Solving the Enterprise Risk Management Puzzle: Secrets to Successful Implementation p.32)


E. Robertson, Solving the Enterprise Risk Management Puzzle: Secrets to Successful Implementation (2016)