
Enterprise Risk Management

Key subject details

Subject: Enterprise Risk Management
Description: This subject allows students to develop an enhanced knowledge of enterprise risk management practices to assist the board, or other governing body, to determine its strategic responsibility for risk taking, understand how different risks operate within the context of existing enterprise management frameworks, formulate the organisation’s attitude and policy to risk appetite, tolerance for key individual risks, and ensure clear lines of accountability.
Year of delivery: 2024
Award: Graduate Diploma of Applied Corporate Governance and Risk Management
Chartered Governance Institute Qualifying Program: Chartered Governance Professional
Core/Elective: Core
Australian Qualification Framework (AQF) level: 8
Subject credit points: 10
Total course credit points: 60
Pre-requisites: None
Assumed knowledge: Risk and Compliance

Non-award students who enrol in Enterprise Risk Management without first completing Risk and Compliance should ensure they have appropriate work experience in risk management or underlying knowledge in the content areas covered in both these subjects.

Mode of study: Online
Part-time/Full-time: Part-time over one semester
Teaching weeks: 12
Student workload: 164 hours comprising:

  • two (2) time-tabled hours per taught week
  • ten (10) personal study hours per taught week
  • twenty (20) personal study hours for exam preparation
Assessment task (Weighting):

  • Presentation (20%)
  • Assignment (30%)
  • Examination (50%)

Key contacts: Further information to assist you in your studies at Governance Institute can be requested from:

Subject aims

This subject has been designed to:

  • give students a solid understanding of ERM and its relevance to corporate governance, financial management, project management and other aspects of corporate strategy
  • provide a sense of how global events and trends affect enterprise risk management and sharpen the focus of regulators, communities and stakeholders on risk management as an aspect of good governance and corporate value
  • summarise the new and emerging sources of risk, in areas such as social media and corporate reputation, the changing regulatory and social responsibility environment, critical data and information management, global volatility and technological change
  • provide a detailed understanding of the tools and methods used to effectively manage risk, such as risk identification, quantification, reporting and analysis, and how these methods enable and support prudent risk-taking and risk-informed decision making
  • provide a thorough understanding of how risk management can be applied in a range of contexts, using the Australian Standard AS ISO 31000:2018 Risk management — Guidelines as a set of guiding principles for ERM, along with other applicable Standards and guidelines.

Throughout this subject, reference is made to the Australian Standard on risk management, AS ISO 31000:2018 Risk management — Guidelines. AS ISO 31000:2018 was issued by Standards Australia and is identical to the international Standard ISO 31000:2018 Risk management — Guidelines. It provides generic guidelines for the design, implementation and maintenance of risk management processes throughout an organisation.

Subject learning outcomes

  1. Understand and apply the foundations, concepts and principles of enterprise risk management (ERM) and its connection to technical or discipline-specific risk management
  2. Analyse and explain the relevance of ERM to corporate governance, strategic planning and corporate social responsibility
  3. Recognise how organisational culture enables and supports ERM and critically apply methods for developing, enhancing and sustaining a mature risk culture
  4. Critically appraise and report to stakeholders on the organisation’s risk exposure and risk mitigation in the context of its strategic direction, reputation and long-term viability

Indicative content

The subject is divided into the following 12 modules:

Module 1 — Enterprise risk — Strategy, performance and objectives

  • The nature of risk
  • Risk, strategy, performance and objectives
  • Risk, governance and assurance
  • Risk at the enterprise level
  • ERM standards and guidelines

Module 2 — Risk types and categories

  • Opportunity and adversity risk
  • Risk hierarchy
  • Conventional risk categories

Module 3 — Risk policy and leadership

  • Risk assurance
  • The board and management
  • Risk appetite and tolerance
  • Risk policy and oversight
  • Risk accountability

Module 4 — Risk disciplines and perspectives

  • Risk, innovation and growth
  • Risk and harm avoidance
  • High reliability organisations
  • Emerging risk perspectives
  • Risk velocity

Module 5 — Resilience management

  • Emerging risk
  • Business continuity
  • Case studies

Module 6 — ERM in practice

  • A portfolio view of risk
  • Assurance
  • ERM and business decision-making

Module 7 — ERM, governance and reputation

  • ERM and governance
  • ERM and compliance
  • Reputation – The ultimate risk impact?

Module 8 — Social and organisational context

  • Risk and organisational culture
  • Decision-making
  • Risk culture
  • Psychology of risk-taking

Module 9 — Reporting and documentation

  • Risk reporting
  • Risk registers
  • Risk heat maps and profiles
  • Risk dashboards
  • ERM reporting and documentation in practice

Module 10 — Complexity, change and organisational maturity

  • ERM and rapid change
  • Complexity and ERM
  • Organisational maturity and risk maturity models

Module 11 — The benefits of ERM

  • The business case for ERM
  • Case studies in ERM
  • Evaluating the benefits of ERM
  • ERM and other initiatives

Module 12 — Key themes and revision

  • ERM purpose and context
  • ERM in practice
  • The future of ERM
  • Examination preparation and technique

Required resource

Students are required to access a full copy of the Australian Standard AS ISO 31000:2018 Risk management — Guidelines.