Traditional Risk Management and Enterprise Risk Management – same difference?

Sword GRC Blog


Traditional risk management (TRM) and Enterprise Risk Management (ERM) have much in common – they are both methods of identifying, assessing and reaching decisions that minimize the adverse impact of risks within the organization. They both follow the same risk management processes. Yet where ERM leaves TRM standing is when it comes to scope – an enterprise-wide view of risks is extensive and all-encompassing.

Traditional risk management tends to be more localized with focus on a specific aspect of dealing with risk and implementing a simple solution. The NC State Poole College of Management Enterprise Risk Management Initiative’s ‘What is Enterprise Risk Management’ article* provides a useful explanation:

“Traditionally, organizations manage risks by placing responsibilities on business unit leaders to manage risks within their areas of responsibility. For example, the Chief Technology Officer (CTO) is responsible for managing risks related to the organization’s information technology (IT) operations, the Treasurer is responsible for managing risks related to financing and cash flow, the Chief Operating Officer is responsible for managing production and distribution, and the Chief Marketing Officer is responsible for sales and customer relationships, and so on. Each of these functional leaders is charged with managing risks related to their key areas of responsibility. This traditional approach to risk management is often referred to as silo or stove-pipe risk management whereby each silo leader is responsible for managing risks within their silo.”

The article goes on to suggest that this approach is not without limitations. There may be ‘significant risks on the horizon that may go undetected by management and that might affect the organization.’

Enterprise risk management provides a far broader perspective, considering all types of business risk as well as loss exposures generated from hazards. Where TRM’s perimeter may be a department or business unit, ERM, as its name suggests, takes a holistic, enterprise view, encompassing strategic, operational and financial risks across departments and geographies.

Given the somewhat limited view that TRM delivers, ERM offers a superior platform from which reliable, accurate and real-time risk data supports informed decision-making.

The ‘What is Enterprise Risk Management’ article highlights that armed with a top-down, enterprise view of risk, organizations can prioritize threats, plan risk responses and manage risk effectively to mitigate impacts. “Proactively thinking about risks should provide competitive advantage by reducing the likelihood that risks may emerge that might derail important strategic initiatives for the business and that kind of proactive thinking about risks should also increase the odds that the entity is better prepared to minimize the impact of a risk event should it occur.”

Importantly, ERM can help businesses to identify positive risks too – opportunities where value can be added. Real-time visibility of risks supports agility and helps create resilience within a rapidly changing risk landscape.

See how Sword GRC’s market leading enterprise risk management software supports business performance for leading companies in all sectors, across the globe.


*What is Enterprise Risk Management (ERM)? | ERM – Enterprise Risk Management Initiative | NC State Poole College of Management (