Alternative definitions of ERM
A number of definitions of ERM are currently in use and are reflected below which can be useful in assisting the institution to define ERM within its own context:
COSO ERM Integrated Framework
"Enterprise Risk Management is a process, effected by the Board, Executive Management and personnel, applied in strategy setting and across the operations of the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives."
COSO - The Committee of Sponsoring Organizations of the Treadway Commission
The King III Report on Corporate Governance for South Africa
"Risk management process is the planning, arranging and controlling (using internal control as one of the means) of the activities and resources to minimize the impact of all risks to levels that can be tolerated by shareowners and other relevant stakeholders."
King III Report on Corporate Governance for South Africa
The Combined Code (United Kingdom)
"The board's role is to provide entrepreneurial leadership of the company within a framework of prudent and effective controls which enables risk to be assessed and managed. The board should set the company's strategic aims, ensure that the necessary financial and human resources are in place for the company to meet its objectives and review management performance."
The Combined Code on Corporate Governance June 2006
IRMSA Code of Practice
"Enterprise Risk Management is a formal response to corporate risk. It is a structured and systematic process that is interwoven into existing management responsibilities."
Institute of Risk Management South Africa Code of Practice
Institute of Internal Auditors
"A process to identify, assesses, manage, and control potential events or situations to provide reasonable assurance regarding the achievement of the organisations objectives."
The Institute of Internal Auditors Professional Practices Framework January 2004