For some time, I have been thinking about a 30-second elevator pitch on ERM as I have seen it applied in financial services. I have had in mind something based around the risk and return trade-off in investments; something that says decisions need to take account of risk and returns - and not just returns. While this makes sense to me on a conceptual level, I don't think it gives a sufficiently accurate description of the many activities associated with ERM.
I think I have found something that works better for me: 'protect and enable'. I think it captures well the tension between risk and return. It also seems to highlight the business challenge of risk and compliance functions in terms of designing and operating controls and reporting mechanisms and the wider involvement of risk in decision making.
Sadly, I did not come up with this way of summing up ERM. I read this in the transcript of a UK bank appearance in front of a UK Parliament Commission on Banking Standards - worth reading in its own right. (In the transcript, 'enable and protect' features in the response to DQ462.)
I would be interested to know if you have come across 'protect and enable' before; a quick search in Google did not reveal much. Does 'protect and enable' work for you? Are there any alternatives that work for you that you can share?