Enterprise Risk Management
Use the Risk Manager solution within the Diligent One Platform to take a structured, scalable approach to managing enterprise risk.
Overview
Enterprise risk management (ERM) is a strategic, plan-based approach that enables organizations to identify, assess, respond to, and monitor risks that may impact business performance and long-term goals. While ERM often focuses on mitigating risk exposure, it can also help surface potential opportunities that support innovation and growth.
Risk Manager empowers your organization to operationalize ERM by centralizing risk data, standardizing evaluation methods, and aligning risk management activities with business strategy. With Risk Manager, risk teams can build a risk-aware culture and respond proactively to emerging threats.
How it works
The ERM process, as supported by Risk Manager, includes the following steps:
- Risk identification: Identify potential threats that could impact your organization’s strategic or operational goals. These threats may include:
- Strategic risks that affect long-term planning.
- Operational risks that disrupt day-to-day activities.
You can define risks using custom attributes that align with your organization’s goals and objectives.
- Risk relationship and hierarchy: Assess how vulnerable critical assets, processes, or the organization as a whole are to specific threats, and evaluate how risks relate to each other and to key assets or processes. Establishing a hierarchy organizes the risks and makes their interactions and dependencies across the organization visible. You can relate risks to:
- Other risks
- Controls
- Organizations
- Assets
- Critical processes
- Risk assessment: Assess each risk based on likelihood, impact, and other relevant factors such as velocity or organizational tolerance. The assessment identifies the possible adverse events, their likelihood and consequences, and your organization's tolerance for them; the results prioritize effort and determine whether mitigation action is needed. Risk Manager supports tracking of:
- Inherent risk: The level of risk before mitigation. For example, risk of fraud in the absence of controls.
- Residual risk: The risk that remains after controls are in place. For example, the risk of fraud once monitoring systems are operating. Conceptually, Residual risk = Inherent risk - Mitigation: controls reduce the inherent level, and because mitigation cannot be negative, residual risk never exceeds inherent risk.
- Risk scoring: Use Risk Manager to calculate risk scores using weighted scoring models. These scores help quantify risk and prioritize mitigation based on business impact.
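The following is an added example for the assessment and scoring steps above; it is not Risk Manager code and does not reproduce Diligent's scoring model. It assumes a 1-5 scale for each factor, the factor weights in WEIGHTS, a control "effectiveness" expressed as the fraction of inherent risk it removes, the rating thresholds in rate(), and a constructed two-risk register. It shows why independent controls are combined multiplicatively rather than added, and how controls change a risk's place in the priority list.

```python
"""Weighted risk scoring with inherent and residual scores.

Added example for this page; it is not Diligent's Risk Manager code.
Assumptions: a 1-5 scale for each factor, the factor weights in WEIGHTS,
a control "effectiveness" expressed as the fraction of inherent risk it
removes, and the rating bands in rate(). Adjust them to your own model.
"""
from __future__ import annotations

from dataclasses import dataclass, field

SCALE_MIN, SCALE_MAX = 1, 5

# Assumed weights: how much each assessment factor contributes to the score.
WEIGHTS = {"likelihood": 0.4, "impact": 0.4, "velocity": 0.2}
assert abs(sum(WEIGHTS.values()) - 1.0) < 1e-9, "weights must sum to 1"


@dataclass
class Control:
    name: str
    effectiveness: float  # fraction of inherent risk removed, 0.0 to 1.0 (assumed model)


@dataclass
class Risk:
    name: str
    likelihood: int  # 1 (rare) to 5 (almost certain)
    impact: int      # 1 (negligible) to 5 (severe)
    velocity: int    # 1 (slow onset) to 5 (immediate)
    controls: list[Control] = field(default_factory=list)


def inherent_score(risk: Risk) -> float:
    """Weighted score before any control is considered.

    Each factor is validated against the scale so a data-entry error
    (impact=50) cannot silently dominate the portfolio ranking.
    """
    total = 0.0
    for factor, weight in WEIGHTS.items():
        value = getattr(risk, factor)
        if not SCALE_MIN <= value <= SCALE_MAX:
            raise ValueError(f"{risk.name}: {factor}={value} outside {SCALE_MIN}-{SCALE_MAX}")
        total += weight * value
    return total


def combined_effectiveness(controls: list[Control]) -> float:
    """Combine independent controls as 1 - prod(1 - e_i).

    Two controls that each remove 50% leave 25% of the risk, not 0%;
    simply adding effectiveness values would overstate mitigation.
    """
    remaining = 1.0
    for control in controls:
        if not 0.0 <= control.effectiveness <= 1.0:
            raise ValueError(f"{control.name}: effectiveness must be in 0.0-1.0")
        remaining *= 1.0 - control.effectiveness
    return 1.0 - remaining


def mitigation(risk: Risk) -> float:
    """Score points removed by the risk's controls."""
    return inherent_score(risk) * combined_effectiveness(risk.controls)


def residual_score(risk: Risk) -> float:
    """Residual risk = Inherent risk - Mitigation, as stated on the page.

    Because effectiveness is bounded to [0, 1], residual always lies
    between 0 and inherent; a control can never make a risk 'negative'.
    """
    return inherent_score(risk) - mitigation(risk)


def rate(score: float) -> str:
    """Map a score to a rating band (assumed thresholds)."""
    if score >= 4.0:
        return "Critical"
    if score >= 3.0:
        return "High"
    if score >= 2.0:
        return "Medium"
    return "Low"


def prioritize(risks: list[Risk]) -> list[tuple[str, float, float, str]]:
    """Rank risks by residual score, highest first: (name, inherent, residual, rating)."""
    rows = [(r.name, round(inherent_score(r), 2), round(residual_score(r), 2),
             rate(residual_score(r))) for r in risks]
    return sorted(rows, key=lambda row: row[2], reverse=True)


# Constructed sample register (not real assessment data).
SAMPLE_RISKS = [
    Risk("Payment fraud", likelihood=4, impact=5, velocity=3,
         controls=[Control("Transaction monitoring", 0.5),
                   Control("Dual authorization", 0.4)]),
    Risk("Data center outage", likelihood=2, impact=4, velocity=5),
]

if __name__ == "__main__":
    for name, inherent, residual, rating in prioritize(SAMPLE_RISKS):
        print(f"{name:20} inherent={inherent:.2f} residual={residual:.2f} {rating}")
```

In the sample register, payment fraud has the higher inherent score (4.2, Critical) but its two controls together remove 70% of it, so its residual score (1.26, Low) ranks below the uncontrolled outage risk (3.4, High). Treat the reduction figures as assessor judgments to be evidenced and reviewed, not as measured facts; a control whose effectiveness is entered as 1.0 makes the residual score zero, which is rarely defensible.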
Roles involved in ERM
People involved in a risk management program can include:
- Risk Managers - Use Risk Manager to implement and monitor the ERM program
- Risk Owners - Manage specific risks within business units
- Risk Assessors - Evaluate risks and controls across domains
- Chief Risk Officer - Owns the risk strategy and governance model