
Why Enterprise Risk Management?

Enterprise Risk Management (ERM) is often perceived as a complex, inaccessible and annoying requirement imposed on organisations by regulators, to be kept up to date just to pacify auditors. This is contrary to the intent of ERM, which, if properly designed and applied, can support organisations in building the cultures they desire and in remaining nimble enough to find the opportunities in the most uncertain of environments.


Users of ERM often have different drivers. This confuses the requirements of those who are actually managing the risks and imposes a bureaucratic burden on already busy people. The challenge therefore is to make Enterprise Risk Management simple enough so that it can be used throughout an organisation.

Different drivers for doing Risk Management:


Bottom up:​

  • Keep people safe – health and safety driver​

  • Maximise production​

  • Environmental and Social (ESIA)​

  • Deliver projects on time​


  • Requirement from top for more information, of better quality, faster​

  • Ability to balance risks​

  • Move to integrated, Enterprise-wide risk management

Top down:​

  • Reporting requirements​

  • Compliance​

  • (Traditionally) dominated by financial risk reporting​

  • Balancing of portfolio risk​

Future:  ​

  • Anticipate larger focus on ESG​

  • Clear stating of risk appetite and tolerance + longer term viability​

  • Expectation by shareholders for faster reporting / awareness​

  • Move to integrated, Enterprise-wide risk management

What is Enterprise Risk Management?

Simple, integrated, enterprise-wide risk management provides the mechanism through which all risks can be understood and balanced. Over the past 6 years, Satarla has utilised a simple 4-step risk management process to act as the translation tool between different risk management disciplines and through the different layers of organisational management including core employees and third party stakeholders. 

This 4-step risk management process allows users to pose the question:  “given the context in which I am operating and objectives I am trying to achieve, the risks I face and my ability to manage them, is it even possible for me to achieve my objectives?”. This simple question is the heart of risk management as it rapidly allows the user to move from the identification of risk to the management of risk. 

Diagram of the 4-step Risk Management process


The iterative tool also enables users to make decisions rapidly and to better define the more detailed risk assessment tools, such as Extended Enterprise Network, Toolbox, Bowties, Risk Appetite and Tolerance and so on. These then help users fully understand the risks that they face and enable informed risk-based decision making.


In summary, a simple, integrated, risk-based decision-making approach to risk management is at the core of our offering. This can be used at all levels in an organisation to identify and manage risks. It can also be scaled up in complexity, easily and quickly, to reflect the true enterprise interlinkages between risks and controls, and the impact of changes (real or modelled) in the environment on those risks.

Read some of our case studies to find out how Satarla delivered integrated enterprise risk management training and consultancy, enabling organisations to make risk-based decisions to achieve their goals and objectives.



We have teams and clients based all over the world, from London to Johannesburg, Sydney, Santiago and Vancouver.


Case Study

Design and Deployment of ERM for ALLTECH


Case Study

COVID-19 Management and Returning to Office


Case Study

Implementing ERM in a Large Sports Organisation
