Enterprise Risk Management Framework, Policies and Charters Report

Learn what ERM leaders need to include in ERM frameworks, policies and committee charters

Enterprise Risk Management Framework - ERM Document Hierarchy

Explore what to include in ERM frameworks, policies, and charters

Provide a clear and separate purpose for each type of document.

What should heads of ERM include in ERM frameworks, policies and governance documents?

Enterprise risk management (ERM) programs often merge governance documents without considering different audiences, detail levels, and review frequencies. This oversight can lead to unclear relationships among documents, resulting in confusion and poor communication about risk management. 

Download the Gartner ERM Frameworks, Policies, Charters, and More report to:

  • Develop a governance and risk management strategy with ERM frameworks
  • Document risks, responsibilities, and processes using ERM policies
  • Guide risk owner behavior with ERM standards and guidelines
  • Define structure and accountability with risk committee charters

About Enterprise Risk Management (ERM) Framework

Without a universally accepted standard on the structure of enterprise risk governance, heads of ERM have many choices to make when crafting their ERM programs’ governance documentation. For example, ERM departments can be governed by various types of ERM frameworks, and many frameworks, policies, standards and guidelines can be combined into overlapping documents. The amount of choice with which heads of ERM, executives and corporate directors are confronted often leads to confusion as to what each type of document should do and how they should relate to each other.

This research directs heads of ERM on what to include in each type of document to fulfill its specific purpose and be easily consumed, based on our review of ERM governance documents and interactions with clients. Providing a clear and separate purpose for each type of document allows each to have maximum utility for varying audiences and have different review frequencies.

Enterprise Risk Management (ERM) Framework FAQs

How can ERM leaders use ERM frameworks to establish governance and risk management?

Heads of ERM can select an existing ERM framework to establish a high-level structure and guidance for implementing and managing risk, and then customize the framework to suit organizational needs. COSO 2017 and ISO 31000 are the two best-known and most widely used ERM frameworks.


What are ERM frameworks, policies, standards and guidelines?

ERM frameworks, policies, standards and guidelines all document how the organization must govern enterprise risks and what the roles and responsibilities are for various stakeholder groups.


Why is an ERM framework important?

Establishing ERM’s responsibilities and the risk management responsibilities of other corporate functions is often challenging, even for experienced heads of ERM. With unclear delineations of responsibility, risk owners could fail to understand their role in managing risks in their business domains on a day-to-day basis, and risk committees could fail to understand their oversight role.