Which statement best describes enterprise-wide risk management (ERM)?

• A. It is an approach to managing all of an organization's key risks and opportunities.
• B. It focuses only on environmental risk.
• C. It is the same as compliance management.
• D. It only addresses supply chain risk.

Answer: (D)

Enterprise-wide risk management is a holistic, organization-wide approach that identifies, assesses, prioritizes, and manages both risks and opportunities that could affect achieving the entity’s objectives. It isn’t limited to one area or type of risk; instead, it integrates risk considerations into decision-making across all functions and levels, spanning strategic, financial, operational, hazard, regulatory, cyber, and reputational domains. By looking at the full spectrum of risks and opportunities together, ERM aims to protect value and create it through coordinated governance, culture, and responses throughout the organization.

The other descriptions are too narrow: focusing only on environmental risk ignores many other important risk areas; equating ERM with compliance management reduces risk to regulatory adherence rather than an integrated, value-focused view; and addressing only supply chain risk leaves out many other significant risks and opportunities the organization faces.