Enterprise risk management (ERM) requires clear risk management goals and objectives, linked to business objectives and strategies. It aligns strategy, processes, people, technology and knowledge for the purpose of evaluating and managing risks. "Enterprise" means an elimination of functional, departmental or cultural barriers. It is a holistic, integrated, forward-looking and process-oriented approach to managing all key business risks and opportunities—not just financial ones—to maximize shareholder value for the enterprise as a whole.
This document is a sample project plan for use during the planning phase of implementing ERM across an organization. It supports a phased implementation approach, detailing tasks, deliverables, and a project timeline.