The Normandy Group

Enterprise Risk Management

Enterprise Risk is a concept used by stakeholders, management, employees or auditors to express concern about the probable material effects of an uncertain environment on business goals.  Enterprise risk management helps us find ways to manage events that will negatively impact the financial, physical, or human capital of an organization or institution.  It is the continuous process of identifying and assessing risk, reducing the potential that an adverse event will occur, and putting steps in place to address any event that does occur.

As a strategy and key management tool, risk management has been used in industry and the public sector for decades.  Organizations and institutions put tangible assets (such as dollars, technology, processes, and people) and intangible assets (such as reputation, brand and information) at risk to achieve objectives. Whether the organization is for-profit, not-for-profit or governmental, the task of management is to manage these risks in an uncertain environment.

The goal of Enterprise Risk Management is to systematically:

  • Integrate concerns for risk into an organization's daily decision making and implementation process
  • Recognize resource allocation implications
  • Understand the opportunity cost or trade-off(s) with any decision

So what is risk? "Risk management is the act or practice of dealing with risk. It includes planning for risk, assessing (identifying and analyzing) risk areas, developing risk-handling options, monitoring risks to determine how risks have changed, and documenting the overall risk management program." There are many different types of risk, such as:

  • Financial and Cost: Loss of program funds and resources
  • Process: The risks associated with misaligned processes to achieve business objectives.
  • Intangible: Damage to reputation, brand and lost information.
  • Time (schedule): Delays, opportunity cost, mission loss.
  • Human: Loss of knowledge, skills and commitment of people.
  • Legal: Loss due to governmental, federal and local regulations.
  • Physical: Loss of land, buildings and equipment.

Historically, financial risk has been the most common category of risk, consuming a majority of corporate and institutional resources. However, a lack of organizational ethics and poor management practices in the last few years have caused Federal and commercial institutions to pay particular attention to improving their approach to risk management at the Enterprise level. This approach includes all elements of an organization: internal processes, financial reporting, and human capital management.

Initiatives should be evaluated for risk if and/or when:

  • Performance and accountability are impacted
  • The program is susceptible to fraud, waste, or abuse
  • There is a systemic problem, such as ineffective policies and procedures, creating a material weakness
  • The program involves public health or safety, service delivery, or economic growth, or the program could result in significantly impaired service, program failure, injury or loss of life, or significantly reduce economy, efficiency, or effectiveness.