Understanding Enterprise Risk Management

September 15, 2022

Every business faces risk, yet studies conducted a few short years ago show that 69% of organizations don’t have enterprise risk management procedures in place (Shipman, NC State University). Does this surprise you? If the recent pandemic and cancel culture taught business owners anything, it’s that sales are not guaranteed, and one negative viral video can lead to a business being “canceled” by the public. Understanding the basics of enterprise risk management, its importance, and the available solutions should be at the top of your mounting to-do list to ensure long-term business success.

What is Enterprise Risk Management?

The Risk Management Society defines enterprise risk management as a strategic business discipline designed to support progress towards organizational goals and objectives by effectively managing different risks found in the portfolio (RIMS). The goal of risk management is to create a portfolio view of the top risks that will affect your business objectives. For example, in the restaurant industry, what is the impact of a food poisoning outbreak on the company’s reputation and financial statements?

Enterprise risks don’t always have to be negative. Instead, enterprise risk management focuses on any impact that risks will have on the business. Think of the impact of positive press. Will your business be able to handle the uptick in demand without sacrificing quality? Common enterprise risks include strategic, environmental, social, governance, health and safety, operational, compliance, and financial risks.

Why Should Companies Care?

Recent years have shown business leaders that risk is inevitable, making a proactive approach to enterprise risk management implementation a standard business best practice. Instead of simply waiting for the risk to happen, business owners can consider the causes of potential risks and take proactive steps to avoid them or lessen their impact on the business’s objectives.

There is an excellent incentive for companies to care. Organizations with better ERM processes have been found to outperform their peers in terms of operating performance (Callahan & Soileau). A lack of enterprise risk management can lead to business continuity issues, lower earnings, lost opportunities, and stagnant business growth.

What are Ways to Minimize Enterprise Risk?

Luckily, there are ways to minimize and capitalize on enterprise risks. First, review your organization’s key objectives and consider the risks that, if they were to occur, would impact your ability to achieve those objectives. You can also consider any new risks your organization faces because of pursuing your objectives. Next, prioritize risks based on their likelihood of occurring and potential impact. For your top risks, use a scenario planning tool, like a risk bow tie diagram, to consider the potential triggering conditions for the risk, along with mitigations that can be taken to lessen the likelihood of the risk occurring and/or lessen the impact of the risk if it does occur.

You can also consider the key risk indicators your business is subject to. Key risk indicators are metrics that may describe the likelihood that an unwanted event is unfolding, or the effectiveness of a mitigation. These indicators generally can predict the event, allowing you to take proactive measures to lessen the severity of the impact. There are both quantitative and qualitative key risk indicators that can be helpful to your business.

Another way business owners effectively manage their enterprise risk is to understand their risk appetite. Risk appetite is the amount of risk your business is willing to take on in order to reach the desired objectives. The factors that go into risk appetite will differ by business and by risk category (e.g. financial risks versus health & safety); however, this can be a great starting point when looking to evaluate enterprise risk and build consensus among business leaders.


Implementing the proper enterprise risk management processes into your business takes time and careful consideration of an abundance of different factors, which is why many business owners are turning to expert guidance. The team at Tracker Networks can provide your business with guidance, lessons learned, and enabling tools to help you quickly and easily establish a successful enterprise risk management program that your business users will embrace. Reach out today for more information.


RIMS. “About Strategic & Enterprise Risk Management (SERM).” RIMS, 2022, https://www.rims.org/resources/strategic-enterprise-risk-center/about-serm. Accessed 31 August 2022.

Shipman, Matt. “Survey: 69% of Organizations Do Not Have Comprehensive Enterprise-Wide Risk Management Processes in Place Despite Growing Corporate Risks.” NC State University, 20 March 2018, https://news.ncsu.edu/2018/03/erm-aicpa-risk-report-2018/. Accessed 31 August 2022.

Callahan, Carolyn, and Jared Soileau. “Does Enterprise Risk Management Enhance Operating Performance?” Advances in Accounting, Volume 37, 2017, Pages 122-139. https://doi.org/10.1016/j.adiac.2017.01.001.