Corporate Governance

Purpose – The purpose of this paper is to discuss the objectives of enterprise-wide risk management (ERM), the Committee of Sponsoring Organizations (COSO) ERM Framework, and outline a method to implement ERM in organizations.

Design/methodology/approach – This paper delineates ten steps organizations can use to develop a viable ERM system for any organization.

Findings – It is highly recommended that a high-level risk officer with visible support from senior and board level executives has a separate function to oversee the development of an ERM department.

Practical implications – Although the internal audit department has a large role in evaluation and monitoring the ERM system, it is management's responsibility to develop a strong ERM function that ties corporate strategy, the budget, controls, and the entity's performance measurement systems to risk management.

Originality/value – The cost to the entity of implementing and maintaining of an ERM system is grossly out-weighed by the results and knowledge gained in evaluating, assessing, and overseeing risk to insure achievement of strategic objectives over the short- and long-term life of the organization.