Enterprise Risk Management (ERM) refers to the integrated, company-wide framework for systematically identifying, assessing, controlling and monitoring all risks, from operational and financial to cyber and compliance risks.
ERM vs. TPRM: How do they relate?
Enterprise Risk Management is the overarching framework within which TPRM is embedded as a specialised sub-discipline. While ERM covers all risk types (strategic, financial, operational, regulatory), TPRM specifically focuses on risks from third-party relationships. A mature ERM programme integrates TPRM as an essential component.
TPRM is a specialist discipline within the ERM framework, with its own methods, tools and regulatory requirements.
COSO ERM Framework fundamentals
The COSO ERM Framework is the internationally recognised standard for Enterprise Risk Management. It defines eight components: Internal Environment, Objective Setting, Risk Identification, Risk Assessment, Risk Response, Control Activities, Information & Communication and Monitoring. ISO 31000 provides a complementary, principles-based approach.
ISO 31000 is the international standard for risk management and forms the methodological basis for ERM programmes in Europe.
ERM and regulatory compliance
NIS2, DORA and KRITIS require affected organisations to maintain a structured risk management system, which is essentially ERM. Executives are personally liable for inadequate risk management. 360TPRM supports the TPRM sub-area of ERM with automated monitoring and compliance reporting.
NIS2 makes executives personally liable for inadequate risk management; ERM is no longer optional but mandatory.
Automate TPRM within your ERM framework
See in a 45-minute demo how 360TPRM specifically meets your requirements.
Request free demo