Enterprise risk management involves a process consisting of establishing the following:

1. strategy
2. appropriate infrastructure
   1. different kinds of structure established within an enterprise such as organizational structure, different kinds of systems such as information system which refer to how information is collected, used and shared, determination of accountability, responsibility, methodologies to be used, control procedures
3. environment
   1. involves matters associated with people such as culture
4. operating philosophy
   1. refers to command and control or empowering (centralized or decentralised), how people are trained and developed, how appropriate behaviour of employees are incentivized, reinforced and compensated)

Enterprise risk management provides organizations with knowledge which allows them to systematically manage risks in an enhanced manner.

Enterprise risk management infrastructure

ERM infrastructure refers to a type of structure within an organization which is required for a successful risk management process. It refers to different tools that risk management process can use to ensure its success and includes the following:

1. An organizational structure
2. Risk management systems
   1. An example of a risk management system is the information system which meets informational risk management needs throughout the enterprise. Information systems should be designed and managed in a way which ensures that the system is flexible, meaning that the way in which information presented will allow various users within the enterprise to use it for their specific informational needs. The information system must also be user friendly. This will ensure that employees within the enterprise can obtain the maximum value from the system. Information systems should allow for fast recording, evaluation, summary, consolidation and sharing of information. The informational system should also be efficient. This refers to the necessity for the system to be designed in an efficient way to ensure that no tasks are unnecessarily duplicated throughout the enterprise as well as to make sure that no unnecessary activities are performed
3. Determination of accountability and responsibility
4. Methodologies and techniques to be used in risk management:
   1. Established control procedures
   2. Risk management unit which is at the center of risk management within the organization
   3. Risk management policies and procedures – refers to the set of rules of how risk management is undertaken within the enterprise. A top-down approach should be used to develop risk management policies and procedures. A top-down approach will ensure consistency and alignment with the risk appetite (how much of risk the company wants to accept) and business strategy. Risk management policies and procedures must be developed with input from all levels of the management from all areas of the business to ensure their alignment as well as to incorporate their knowledge about specific risks faced by their areas. Risk management policies and procedures should also be understood by all employees
   4. Reporting on risk management process – the addressee of the reports on risk management process performance should be in close proximity to the risks to be able to take timely action.