Enterprise Risk Management

Yes, you CAN manage risks in a comprehensive, scientifically meaningful way that produces optimal risk-adjusted returns with minimal surprises!

However, to do so, you need to be aware of the difference between two kinds of risk: risks we face and risks we take.

Why? Because the focus of risks we face is on uncertain events that matter — the primary concern of chief risk officers and with direction and input from boards of directors and C-level managers — while the focus of risks we take is on alternatives of choice — decisions made by boards of directors, C-level managers, operations managers and engineers .

Optimization is achievable for both risks we take and risks we face. For risks we take, an optimum choice consists of selecting an alternative or combination/portfolio of alternatives that best achieves an organization’s objectives (taking into account benefits, costs, risks, and opportunities) subject to a variety of constraints. For risks we face, optimization is achieved by selecting a set of controls that reduces risks subject to a variety of constraints.

The framework and processes we describe for effective enterprise risk management:

An operational definition of Enterprise Risk Management:

  1. Enterprise wide — managing risks across all silos of the organization
  2. All inclusive — managing risks to all organizational objectives
  3. Both facing risks and taking risks — managing risks an organization faces by identifying, measuring, and controlling risk events as well as considering risks and opportunities taken when making decisions involving the selection of one or a portfolio of alternatives.

Click here to see a video of a webinar discussing the above in more detail.

The material that is contained herein is based on an academic, scientifically sound foundation as presented in the following risk analytic courses at The George Washington University: