ENTERPRISE RISK MANAGEMENT (ERM) is a comprehensive approach to identifying, mitigating and transferring most risk faced by a business entity.  (For more click on “Engagements ERM” on this website).  Some interpretations of ERM include all of the various types of business risk ranging from rapid unanticipated changes in the market place to insurable fire risk.  There is general agreement that ERM goes beyond insurable risk.

The purpose of ERM is to prepare a business to survive and thrive through a catastrophic event or turn of events à la COVID-19.


Risk Identification (RI)

There must be collaboration with key knowledge holders (KKH*) and leaders to::

  • Predict the future – imagine internal and external situations and events that cause a major business disruption.
  • Appreciate that strategic foresight starts with irreducible uncertainty of the future and through Scenario Planning helps leaders make better decisions.
  • Identify the most significant forces that shape the future of the market sector and the enterprise operations and visualize how these interact.
  • Revise mental models of current conditions based on these predictions.
  • Be aware that the prediction will not be entirely accurate so strategies must be elastic.
  • Recognize that it is unrealistic to assume that we humans always make rational choices under uncertainty and such choices are the primary driver of risk.


Crisis planning facilitates integrated and automated response capabilities that activate non-routine leadership and gives KKH’s and leaders confidence to adjust on the fly when the real crisis, whatever it may be, occurs.

Another way to think about Crisis Planning is practice (rehearsal) for a performance in a stage play.  Contrarily, no one would agree to perform if there was no practice.

KKH’s and leaders:

  • Leverage imagined futures to sharpen their response to the unexpected.
  • Improve their readiness.  So for a real crisis the team will feel they “have done it – been there”.  Also, they iron out issues in a safe non crisis environment.
  • Grow and use their “muscle memory”, i.e. make good decisions without always the need for deliberate, slow and conscious thought.  Good decisions instinctively.
  • Develop a sense of being battle tested and mentally ready, with confidence, to confront the crisis.
  • Learn pressurized decision making, i.e. the dilemma of making quick decisions with inadequate data.
  • Enterprises need to develop a future of continuous improvement through exercises, drills, simulation exercises and scenario testing.  Planning for Mitigation often results in KKH’s and leaders making adjustments before the event that help reduce the consequences and often without much deliberate thought, since when it’s ingrained, it’s likely considered an everyday aspect of the job.  Ideally this is or becomes part of the culture.

It’s highly unlikely that the actual crisis occurs as planned, à la COVID-19, but such planning makes an enterprise more responsive and resilient to any crisis no matter how unexpected.

With out clients we find significant improvement in clarity of roles, protocols, internal communication paths and escalation procedures across the business to respond to a crisis.

“In preparing for battle I have always found that plans are useless, but planning is indispensable.”

– Dwight D. Eisenhower 34th President and Brigadier General and Supreme Allied Commander in Europe During WW2.


Transfer is always an important component of ERM.  The Risk Manager** evaluates and oversees implementation of appropriate

  • Insurance – Terms & Conditions, retentions/deductibles and limits
  • Contract indemnities and insurance provisions with:
    • Customers
    • Vendors and any other 3rd party contracts
  • Alternative Risk Financing – Pools, captives and others

ERM must dynamically align with an enterprise and it’s environment, as both continually change, so there must be constant re-evaluation of an enterprise’s risk and tools for Risk Identification, Mitigation and Transfer.  This will assure superior crisis management and resilience.

The alternative to ERM, crisis management, is much more expensive and much less effective.

Most important

to remember is that crisis situations are opportunities for enterprises to rise to the challenge (and perhaps slay competition when competitors are affected by the crisis, à la COVID-19).  In any case it is our passion that by ERM our clients come out of a crisis stronger, more efficient and more resilient to face the next disruption.


*KKH’s are managers and/or technical specialists who have experience and detailed understanding of each of the basic enterprise functions including operations, marketing, financial, cyber technology and administrative to name a few.

**We often serve in this role, i.e. as part time, independent contractor, out sourced Risk Manager.

More on ERM:    www.erm.nscu.edu