The COSO Framework for Internal Control
Internal frauds are a big part of the operational risk faced by any organization. This is truer of multinational companies who have business interests in various countries across the globe. This is because there are thousands of people in important positions making business decisions on behalf of the company. Hence, ensuring that all these employees…
The Cost Structure in the Insurance Industry
Insurance is one of the most regulated industries in the world. Also, there are multiple players which offer every type of insurance. As a result, the competitive pressures are very high. This ensures that the insurance companies are not able to charge exorbitant premiums. Almost every insurance company across the world is a price taker…
Credit Derivatives: An Introduction
Credit derivatives are the most important financial innovation in the field of credit risk management. These derivative instruments have been created quite recently. They have only been traded for a couple of decades as compared to other instruments like stocks and bonds which have been around for centuries. Within this short period of time, credit…
Enterprise risk management (ERM) is a buzzword that has been doing rounds in the risk management field for the past few years. It is often used by managers in a context that implies that it is wider in scope than the traditional risk management function.
However, the number of risk management professionals who do not clearly know and understand the differences between traditional risk management and enterprise risk management is astounding. It is for this reason that this article will enumerate the major differences between the two approaches.
Traditional risk management mostly deals with risks where the exposure can be transferred to other parties in the form of an insurance contract. In some cases, where insurance contracts are not available, derivatives and structured finance products are used in order to meet this objective. However, enterprise risk management (ERM) is wider in scope. Here, the organization tries to deal with risks that are not insurable.
For instance, if there is an accident in the workplace and some employees suffer physical harm, then the financial loss arising from the harm can be covered by insurance. However, the accident also causes a loss to the reputation of the organization. This harm is not easy to quantify and hence cannot be insured.
The enterprise risk management (ERM) considers risks that would not be admissible in a traditional environment viz. damage to the company’s social media presence, damage caused by vendor disruptions, damage caused by incorrect mergers and acquisitions, etc.
Traditional risk management is only focused on one aspect of risks. This aspect is known as the probable impact. The probable impact is a product of the probability of a risk occurring along with the financial impact of the risk.
The enterprise risk management (ERM) framework is more holistic in nature. Instead of just trying to minimize the probable impact, it looks deeper to see how the risk affects the strategic goals of the organization. Some of the common questions asked by practitioners of enterprise risk management (ERM) are as follows:
Basically, enterprise risk management (ERM) helps look at risks from a broader perspective. Loss prevention is not the only key metric and other dimensions such as timing, information, and preparedness are also evaluated.
In a traditional risk management environment, the risk is managed in a decentralized fashion. This generally means that every department discovers its own risks and makes a plan to mitigate them. These approaches may be right at the department level. However, when aggregated at the company level, these risks can often be inconsistent, contradictory, conflicting, and outright inefficient.
Risk management literature is full of cases wherein managers have inadvertently created risks in other parts of the organization while trying to minimize their own risk. Also, in many cases, resources are wasted when departments act in a silo.
A centralized risk management department is known to be more efficient and consumes much fewer resources. Another issue is that sometimes risks span different departments. In such cases, there is conflict regarding the ownership of these risks.
It is for this reason that enterprise risk management (ERM) takes a more centralized approach towards risk management. Here, decisions related to risk management are taken at the enterprise level. The purpose is not to work in the best interests of any department but of the organization as a whole.
Traditional risk management is often reactive in nature. This means that it is either reacting to an event that has taken place in the present or preventing an event that has taken place in the past. Traditional risk management relies on empirical data. However, a lot of risks are the result of newer technologies. Hence, they cannot be understood while looking in a rearview mirror.
New-age technologies create newer unseen risks and market shifts. This is whether the concept of enterprise risk management (ERM) comes into place. The emphasis is on trying to find out how the future will play out while keeping the current context in mind.
The traditional risk management process is more or less standardized. Over the years, several frameworks and models have been developed. Implementing these frameworks is a fairly standard and common process and can be easily implemented. These processes cover most of the standard risks which an organization faces.
However, there are some non-standard risks being faced by organizations as well. This is why a more customized approach is necessary for enterprise risk management (ERM). The customized approach is not focused on compliances like the traditional approach. Instead, it is a more creative function that uses creativity as well as statistical skills in order to predict the possible risks.
The bottom line is that enterprise risk management (ERM) is a wider and more advanced version as compared to traditional risk management. The differences between them are significant. With the passage of time, more and more organizations are migrating towards the use of enterprise risk management (ERM).
Article Written by
Himanshu Juneja, the founder of Management Study Guide (MSG), is a commerce graduate from Delhi University and an MBA holder from the esteemed Institute of Management Technology (IMT). He has always been someone deeply rooted in academic excellence and driven by a relentless desire to create value. Recently, he was honored with the “Most Aspiring Entrepreneur and Management Coach of 2025 (Blindwink Awards 2025)” award, a testament to his hard work, vision, and the value MSG continues to deliver to the global community.
Article Written by
Himanshu Juneja, the founder of Management Study Guide (MSG), is a commerce graduate from Delhi University and an MBA holder from the esteemed Institute of Management Technology (IMT). He has always been someone deeply rooted in academic excellence and driven by a relentless desire to create value. Recently, he was honored with the “Most Aspiring Entrepreneur and Management Coach of 2025 (Blindwink Awards 2025)” award, a testament to his hard work, vision, and the value MSG continues to deliver to the global community.
Your email address will not be published. Required fields are marked *
