While risk management has existed for centuries, today it remains a consideration that all too often resides in an organizational silo, associated with planning a new project, evaluating a potential financial investment, complying with new regulations, or responding to a previous incident. Whereas, conceptually it is recognized that risks are inherent within an organization at all levels and in various facets, firms are struggling with how to move toward a more holistic, enterprise-wide approach to risk management.
One major challenge is how to structure a framework for identifying enterprise risks and corresponding scenarios that is all inclusive, an important precursor to performing risk assessments and subsequent development of mitigation strategies. This paper reviews the evolution of enterprise risk management (ERM), with a specific focus on risk identification and scenario development. In this discussion, the authors propose an enterprise risk identification framework, one that is representative of all potential threats to the enterprise, yet practical in its use.