Enterprise Risk Management

The subject allows students to:

  • develop an enhanced knowledge of enterprise risk management practices to assist the board, or other governing body, to determine its strategic responsibility for risk-taking
  • demonstrate an understanding of how different risks operate within the context of existing enterprise management frameworks
  • formulate the organisation’s attitude and policy on risk appetite and tolerance for key individual risks, and ensure clear lines of accountability

Learning outcomes

  1. Understand and apply the foundations, concepts, frameworks and principles of enterprise risk management
  2. Quantify and explain the intersections between enterprise risk management, governance and corporate social responsibility
  3. Critically apply methods for the development, enhancement and sustainment of robust risk culture supported by enterprise risk management
  4. Manage, critically appraise and report to relevant stakeholders, the organisation’s exposure to and treatment of risk and the key risks that could undermine its people, assets, operations, strategy, reputation or long-term viability

Indicative content

The subject comprises the following 12 modules:

Module 1: Risk in context

  • The nature of risk
  • Risk, strategy and objectives
  • Risk, governance and assurance
  • Risk at the enterprise level
  • ERM standards and guidelines

Module 2: Risk types and categories

  • Opportunity and adversity risk
  • Risk hierarchy
  • Conventional risk categories

Module 3: Risk policy and leadership

  • The board and management
  • Risk appetite and tolerance
  • Risk policy and oversight     

Module 4: Risk disciplines and perspectives

  • Risk, innovation and growth
  • Risk and harm avoidance
  • High reliability organisations
  • Emerging risk perspectives

Module 5: ERM in practice

  • Developing a basic ERM model
  • Risk aggregation — a portfolio view of risk
  • Risk assessment process
  • Assurance
  • ERM and business decision-making      

Module 6: ERM, governance and reputation

  • ERM and governance
  • ERM and critical stakeholders
  • Compliance and ERM
  • Reputation: The ultimate risk?

Module 7: ERM: Social and Organisational Context

  • Risk and organisational culture
  • Ethics and crisis management           

Module 8: The benefits of ERM

  • The business case for ERM
  • International trends
  • Case studies in ERM
  • How to measure and evaluate the benefits of ERM
  • Integrating ERM with other initiatives 

Module 9: Emerging risks

  • What are emerging risks?
  • ‘Slow boil’ versus ‘big bang’
  • Global risks
  • Case studies  

Module 10: ERM documentation and reporting

  • Risk reporting
  • Risk registers
  • Risk matrices and maps
  • Risk dashboards
  • ERM documentation and reporting in practice

Module 11: Current issues

  • ERM and rapid change
  • Complexity and ERM
  • ERM and organisational maturity       

Module 12: Key themes and revision

  • ERM purpose and context
  • ERM in practice
  • The future of ERM
  • Examination preparation and technique

Required texts

ISO 31000:2018 – Risk Management: Guidelines
