The primary objective of an ERM program is to make risk management an integral part of organizational strategic and business planning processes, as well as a regular part of decision making. ERM provides a framework for using quantitative and qualitative information to evaluate risks and opportunities. ERM can also help transform the organization’s risk culture from risk averse to risk optimized.

As an PRIMA ISO 31000 faculty member, I’d like to share three book recommendations with you. Whether you are heading to the beach or are looking for something to enjoy over your morning coffee, I think these books have something to offer if you are already involved in enterprise risk management (ERM), or if you are planning implementation in the future. 

6. Encourage Active Participation – Most workshops have one or two people that are hesitant to be involved because they are uncomfortable expressing themselves in a group setting. However, history has shown that many major discoveries and advances in human knowledge have come from introverts, so make every effort to help them join the discussion. Be careful that your efforts do not lead to embarrassment; kindly and respectfully invite participation and warmly commend responsiveness.

ISO 31000 divides the assessment of risk into three distinct steps (risk identification, risk analysis, and risk evaluation), after which the treatment of the risk is then analyzed.

Who do you regard as your eyes and ears when it comes to risk?

Ten years ago, there was a terrible school shooting in northern Minnesota that left 10 people dead.  Shortly after it occurred, I spoke with a school security expert about the incident.  At the time, we didn’t know anything about why the shootings had occurred and there was a lot of fear and speculation going around.  I asked him if he thought school shootings were predictable (and therefore preventable) or if they were random acts of violence.  To this day, his answer still haunts me.  He said, “Someone always k

When I say “a four-letter word,” you think I’m going to say something bad, don’t you?  For many years, risk management took that same approach.  Risk was something to be avoided, transferred away, segregated and minimized.  We worked hard to minimize the adverse effects of losses and claims, transfer or prevent them when possible and finance them when necessary.  We treated risk like a bad, four-letter word and in some instances, we still do.