What's new

P1.T1.20.12 Enterprise Risk Management (ERM): benefits, reasons and risk culture

Nicole Seaman

Director of FRM Operations
Staff member
Learning objectives: Describe Enterprise Risk Management (ERM) and compare an ERM program with a traditional silo-based risk management program. Compare the benefits and costs of ERM and describe the motivations for a firm to adopt an ERM initiative. Explain best practices for the governance and implementation of an ERM program. Describe risk culture, explain characteristics of a strong corporate risk culture and describe challenges to the establishment of a strong risk culture at a firm.


20.12.1. According to GARP, each of the following is one of the top ten benefits of enterprise risk management (ERM) EXCEPT which is NOT a benefit of ERM?

a. Hedges risks using derivative instruments
b. Focuses oversight on the most threatening risks
c. Optimizes risk transfer expenses in line with risk scale and total cost
d. Manages emerging enterprise risks such as cyber risk, anti-money laundering (AML) risk, and reputation risk

20.12.2. GARP explains that "perhaps the biggest argument for ERM is that an enterprise-level perspective is the best way to prioritize risks and optimize risk management." Each of the following is one of the four key reasons that enterprise risk might demand the practice of (or, the art and science of) enterprise risk management, ERM, EXCEPT which is NOT one of the four key reasons?

a. Identify hidden and/or dangerous concentrations including (for example) geographical, industry, product, or among supplier
b. Vertical vision recognizes potential threats to the whole enterprise ideally in their early stages to reduce the leverage effect of time
c. Portfolio thinking permits the business units to specify a more accurate distribution that incorporates the allocation of corporate overhead
d. Thinking beyond silos acknowledges diversification among risk types and better understanding of how interactions might worsen enterprise threats

20.12.3. Each of the following is true about risk culture EXCEPT which is false?

a. Risk culture is difficult to address because it is multilayered where layers include the enterprise, the local group, and the individual
b. Key risk culture indicators include, but are not limited to, these four: accountability; effective communication and challenge; incentives; and leadership tone
c. The most efficient way to improve a company's risk culture is to manage directly its risk indicators, in particular, its external risk culture indicators
d. Risk culture is the set of goals, values, beliefs, procedures, customs, and conventions that influence how staff create, identify, manage, and think about risk within an enterprise, including implicit and explicit beliefs.

Answers here:
Last edited by a moderator: