Enterprise Risk Management means different things to different people, but the general angle risk analysts seem to take is to create a risk assessment program or tick-list sheet, then torture staff in their company to assess what they often don't fully understand. This is fine, but that is not Enterprise Risk Management in my opinion. ERM goes beyond simple risk assessments or checklists, and it should consider a much wider charter of risk exposure quantification in the company.
In the presentation that can be found at the following [LINK], I take a look at the scope charter of enterprise risk management and how ISO 31000 features.