Enterprise Risk Management, or ERM, is the integration of a risk management approach in every aspect and operation of an organization. A fully integrated ERM program permits the identification, assessment (risk vs. reward analysis) and treatment or mitigation of all risks related to the organization. These risks include operational risk, hazard risk, financial and compliance risk, and people risk.
The organizational risk data is captured in a database through ERM software that aids in the documentation and rating of each risk, as well as the mitigation treatment and internal controls. The software enables a continuous monitoring of the organizational risk, which permits targeted and value-based resource allocation.
Integration of the ERM program into all levels of an organization increases the understanding and analysis of risk and reward at every level. This improves the decision making process and encourages continuous improvement.
Over the coming months, the Office of Risk Management will be rolling out more information and services related to ERM. As we develop an effective ERM program, we will also be developing the ability to provide our parishes and schools access to ERM software, thereby allowing participants to take full advantage of this valuable program.