Enterprise Risk Management

from Wikipedia, the free encyclopedia

Enterprise Risk Management, abbreviated to ERM, is a buzzword under which holistic, company-wide risk management is promoted as an improved approach compared with a notional "classical" risk management that is regarded as more primitive.

Description

"Classical" risk management is assumed to be pursued only within individual business units and risk categories, independently of one another, to focus solely on risks rather than on opportunities, and to have a risk management function that is not properly integrated into the business organization. The characteristic properties of ERM are then defined as the opposite of these assumed shortcomings.

ISO 31000, for example, is regarded as a pioneering standard for ERM. However, ISO 31000 as a whole deals with risk management in general; the term "enterprise risk management" does not appear anywhere in the standard document.

The term "Enterprise Risk Management" was used in 2004 by the American private organization COSO. COSO had expanded its original COSO model from 1992, which mainly described the internal control system for promoting reliable financial reporting, into the "COSO ERM - Enterprise Risk Management Framework", also known as COSO II for short. In 2005, the rating agency Standard & Poor's introduced ERM as an independent category of its financial strength ratings.
