Enterprise risk management (ERM) is an enigma. Line up 10 experienced business people and ask them what it is - you’ll likely get 10 different answers. While companies may believe they are implementing ERM, what we see in practice often demonstrates a very limited perspective.
Many efforts to implement ERM are unfocused, severely resource-constrained, and pushed down so far into the organization that it is difficult to establish their relevance. While there is no one-size-fits-all solution, in this issue of Board Perspectives: Risk Oversight we will present design principles that will help overcome issues organizations face when implementing ERM.