Executive summary
Risk events are occurrences - catastrophic incidents caused by nature, terrorism, financial fraud or other problems - that can dramatically impact your enterprise’s ability to achieve its objectives. They can damage reputation, market capitalization or other key aspects of your business. When no mechanism is in place to plan for risk, no preparedness is possible. While some companies have been moving toward implementing more formalized ERM programs - establishing a Chief Risk Officer position, investing in systems, analytics and data management, and hiring necessary talent to perform analysis, predict and quantify risk events - the vast majority are far behind where they need to be. What is hindering their ability to make necessary progress? It comes down to a few simple things: properly defining the scope of ERM, establishing enterprise risk tolerance and driving a culture of sharing risk-related information.

The challenge for most enterprises is how to implement an ERM program, instill a culture prepared to deal with risk events and learn from inevitable mistakes. Managing enterprise risk is a critical and growing discipline within leading organizations. Doing it right is difficult; many “clouding factors” can sabotage an ERM program at every step. But doing it well may ultimately determine whether your organization can successfully avoid and/or mitigate risks.

By Robert Torok, Carl Nordman and Spencer Lin, IBM
