Skip to main content Skip to secondary navigation

Definition of ERM

Main content start

Enterprise Risk Management (ERM): A business continuous process, led by senior leadership, that extends the concepts of risk management and includes:

  • Identifying risks across the entire enterprise;
  • Assessing the impact of risks to the operations and mission; 
  • Developing and practicing response of mitigation plans;
  • Monitoring the identified risks, holding the risk owner accountable, and consistently scanning for emerging risks.

Adopted From: Risk Management – An Accountability Guide for University and College Boards. 2013 Association of Governing Boards of Universities and Colleges