What is Enterprise Risk Management?


Risk is part of all our lives.

As a society, we need to take risks to grow and develop. From energy to infrastructure, supply chains to airport security, hospitals to housing, effectively managed risks help societies achieve. In our fast-paced world, the risks we have to manage evolve quickly. We need to make sure we manage risks so that we minimise their threats and maximise their potential.

Risk management involves understanding, analysing and addressing risk to make sure organisations achieve their objectives. So it must be proportionate to the complexity and type of organisation involved. Enterprise Risk Management (ERM) is an integrated and joined-up approach to managing risk across an organisation and its extended networks.

Because risk is inherent in everything we do, the types of roles undertaken by risk professionals are incredibly diverse. They include roles in insurance, business continuity, health and safety, corporate governance, engineering, planning and financial services.

Our mission is to build excellence in risk management, in all sectors and across the world.

Risk management standards

A number of standards have been developed worldwide to help organisations implement risk management systematically and effectively. These standards seek to establish a common view on frameworks, processes and practice, and are generally set by recognised international standards bodies or by industry groups. Risk management is a fast-moving discipline and standards are regularly supplemented and updated.

The different standards reflect the different motivations and technical focus of their developers, and are appropriate for different organisations and situations. Standards are normally voluntary, although adherence to a standard may be required by regulators or by contract.

Our professional qualifications seek to equip students with the knowledge and judgement to select the appropriate standard or standards for use within their organisation.

Commonly used standards include:

· ISO 31000:2018 – Risk Management Principles and Guidelines

· A Risk Management Standard – IRM/Alarm/AIRMIC 2002 – developed in 2002 by the UK’s 3 main risk organisations.

· ISO/IEC 31010:2019 – Risk Management – Risk Assessment Techniques

· COSO 2004 and 2017 – Enterprise Risk Management – Integrated Framework

Guidance for practitioners

· OCEG “Red Book” 3.0: 2015 – a Governance, Risk and Compliance Capability Model

· Orange Book 2020 – Risk Management Framework produced by the UK Government

IRM members can get further information and links to standards from our Online Resource Centre.

Risk management careers

Risk-related careers are incredibly diverse, reflecting the widespread role of risk management in companies and communities. Risk roles range from banking and insurance to logistics and infrastructure, aviation, space travel, construction, public health, international development and many more. Our members, for example, work at all levels across the public, private and voluntary sectors, in 143 countries.

Awareness of the importance of risk management in the world’s new high-growth economies is increasing. Because of their highly transferable skills, qualified and experienced risk management professionals are able to move easily between different sectors and countries.

Our Professional Standards Framework provides a route to help risk management professionals develop their knowledge and expertise through every stage of their career.

Becoming a risk professional 

Risk Managers come from a very wide range of professions and industries. If your goal is to progress swiftly in your risk management career, achieving a professional qualification in risk management gives you the knowledge and confidence to help you stand out.

If you hold a senior strategic and decision-making risk role and have 3 to 8 years of risk management experience, you can apply to be a CMIRM or CFIRM, the highest internationally recognised awards available for risk management practitioners.

Risk management qualifications

Our International Certificate in Risk Management is taught as two modules, and we advise students to take both modules together. The International Certificate gives you a thorough grounding in the principles and practice of risk management. Achieving the Certificate allows you to become a full member of IRM and use the internationally recognised designation IRMCert after your name.

The International Diploma in Risk Management builds upon the foundations of the International Certificate, providing in-depth knowledge across a further four modules. Successful completion of the International Diploma allows you to use the designation CMIRM after your name.