I like Dave Ingram sees as ERM
- An approach to assure the firm is attending to all risks;
- A set of expectations among management, shareholders, and the board about which risks the firm will and will not take;
- A set of methods for avoiding situations that might result in losses that would be outside the firm’s tolerance;
- A method to shift focus from “cost/benefit” to “risk/reward”;
- A way to help fulfill a fundamental responsibility of a company’s board and senior management;
- A toolkit for trimming excess risks and a system for intelligently selecting which risks need trimming; and
- A language for communicating the firm’s efforts to maintain a manageable risk profile.
I like what Dave Ingram sees as ERM is NOT:
- A method to eliminate all risks;
- A guarantee that the firm will avoid losses;
- A crammed-together collection of longstanding and disparate practices;
- A rigid set of rules that must be followed under all circumstances;
- Limited to compliance and disclosure requirements;
- A replacement for internal controls of fraud and malfeasance;
- Exactly the same for all firms in all sectors;
- Exactly the same from year to year; nor
- A passing fad.