COSO defines   ERM as a process, effected by an entity board of directors, management   and other personnel, applied in strategy-setting and across the enterprise, designed to identify   potential events that may affect the entity, and manage risk to be within its risk appetite, to provide   reasonable assurance regarding the achievement of entity objectives.

The implication   of this definition can be summarised as follows: 

A process,  ongoing and flowing through an entity. Implication –   ERM never ends. It’s about an entity improvement of risk management   capabilities and is a continuous   journey, not a destination, for any organization that seeks to improve   continually. Effected by   people at every level of an organizationImplication  Everyone should be involved in managing risk. Unfortunately in many   organizations today, ERM is localised to a particular department (Risk   Management Dept) and many officers are not even aware of the risks they are   incurring on behalf of their organizations. 

Thus, workers in establishments are divided into two as follows:

• Those who incur risks
• Those who are   saddled with the responsibility of managing risks. 

This must not be so in ERM compliant organizations. For your  organization to be ERM compliant, think on these things.