Enterprise Risk Management (ERM) refers to the methods and processes used by organizations to manage risks, and ideally seize opportunities, that are related to the achievement of their business objectives. Traditional risk management practices sought to balance the trade-off between risks and rewards. ERM goes further, taking a holistic view that positions a company to gain investor confidence and maximize shareholder value.
While identifying 100% of an organization’s risks is most likely impossible, a sound ERM process will always result in a substantial improvement in a company's risk awareness. Risk Assessment is Phase 1 of a proper Business Continuity Plan (BCP). During this phase, management selects a risk response strategy for specific risks identified and analyzed, which may include:
- Avoidance: exiting the activities that give rise to the risk;
- Reduction: taking action to reduce the likelihood or impact of the risk;
- Sharing or insuring: transferring or sharing a portion of the risk with another party to reduce the organization's exposure;
- Acceptance: taking no action, based on a cost/benefit decision.
ERM provides a framework for risk management, which typically involves identifying particular events or circumstances relevant to the organization's objectives (risks and opportunities), assessing them in terms of likelihood and magnitude of impact, determining a response strategy, and monitoring progress. By identifying and proactively addressing risks and opportunities, business enterprises protect and create value for their stakeholders, from owners to customers and society overall.