Management Tools

Enterprise Risk Management

Enterprise Risk Management

Bain's Management Tools & Trends survey focuses on the 25 most popular tools and techniques that are relevant to senior management, topical (as evidenced by coverage in the business press) and measurable.

  • min read


Enterprise Risk Management

This tool was part of the Management Tools 2011 guide. Browse the latest guide here.

Enterprise Risk Management (ERM) is an approach to making strategic and business decisions after considering major risks and opportunities. Originally focused simply on managing the losses and downside, ERM now is also used to help companies decide between alternative business lines and strategic growth options. Companies are using the tool to take a more valuefocused (rather than loss-focused) approach to risk management amid increasing volatility and uncertainty. ERM considers everything from credit risk to operational and supply chain risk. ERM examines decisions through a risk lens, identifying creative approaches to succeed in a world of uncertainty.


Related Topics


To build an Enterprise Risk Management system, all parts of the organization contribute vital perspectives:

  • Senior executives determine the level of risk a company is willing to take. They express their risk appetite in concrete terms such as earnings volatility and potential losses of capital, equity or assets;
  • The risk organization, in cooperation with line managers, continuously examines the potential impact of various risks (e.g., strategic, business, financial and operational risks) on the organization. They decide whether to avoid the exposure completely, effectively mitigate it (for example, through a transfer to another party) or use the company risk insight and risk management capabilities as an opportunity to generate extra profit from the exposure;
  • Line managers embed risk management principles into everyday business decisions and activities;
  • Managers separate risk-taking and risk-monitoring responsibilities to avoid potential conflicts of interest.

Common Uses

Companies use Enterprise Risk Management to:

  • Take a proactive approach to protecting assets and organizations;
  • Determine which opportunities are worth pursuing;
  • Formalize risk governance;
  • Optimize returns on capital;
  • Allow regulators and debt-rating agencies to analyze a company's risk management processes.

Selected References

Fraser, John, and Betty J. Simkins (eds). Enterprise Risk Management: Today's Leading Research and Best Practices for Tomorrow's Executives. Wiley, 2010.

Frigo, Mark L. "Strategic Risk Management: The New Core Competency." Harvard Business Review, January 2009,

Funston, Frederick, and Stephen Wagner. Surviving and Thriving in Uncertainty: Creating the Risk Intelligent Enterprise. Wiley, 2010.

Hampton, John J. Fundamentals of Enterprise Risk Management: How Top Companies Assess Risk, Manage Exposure, and Seize Opportunity. AMACOM, 2009.

Hubbard, Douglas W. The Failure of Risk Management: Why It's Broken and How to Fix It. Wiley, 2009.

Lam, James. Enterprise Risk Management: From Incentives to Controls. Wiley, 2003.

Monahan, Gregory. Enterprise Risk Management: A Methodology for Achieving Strategic Objectives. Wiley, 2008.

Taleb, Nassim Nicholas. The Black Swan: The Impact of the Highly Improbable. Random House, 2007.

Taleb, Nassim N., Daniel G. Goldstein, and Mark W. Spitznagel. "The Six Mistakes Executives Make in Risk Management." Harvard Business Review, October 2009, pp. 78-81.


Ready to talk?

We work with ambitious leaders who want to define the future, not hide from it. Together, we achieve extraordinary outcomes.