Enterprise Risk Management (ERM) By: Joy Ann R. Gonzales
Examples of Enterprise
Authority
Managing risk at the level of an organization requires significant authority. This
typically falls under an executive role such as Chief Risk Officer reporting
directly to the CEO.
Risk Identification
Risk identification is the process of identifying risks to an organization and its
objectives.
Risk Analysis
Risk analysis is the practice of assessing risk probability and impact, and
identifying risk treatments and responses.
Risk Inventory
A tool for tracking identified risks throughout their lifecycle.
Risk Treatment
Each identified risk is treated with some combination of acceptance, avoidance,
transfer, reduction and sharing.
Risk Response
A risk response is a plan for dealing with a risk that is realized to become a loss or
issue. This can be contrasted with risk treatment, which is about avoiding losses
before they occur.
Note that several enterprise risk management frameworks confusingly use the
term “risk response” in place of risk treatment. Whatever the terminology, there
are two fundamental types of plan for dealing with risk: preventive and corrective.