Menu Search

Enterprise risk management

Enterprise risk management (ERM) is a process for identifying and evaluating risks so that risks can be effectively mitigated and monitored. ERM helps measure and prioritize risk mitigation as an interrelated system, rather than looking at risks in silos.

ERM is beneficial in helping municipalities make strategic decisions that can help save time and money, reduce risk over time, assist in knowledge transfer to new employees or councillors, and reduce legal liability.

This toolkit includes two key components to help municipalities get started using ERM—a guide and a risk register. An overview of the guide and risk register are provided in the webinar below.


The guide provides a foundation on ERM by explaining concepts and processes. It describes a seven-step process for risk management and includes the roles of elected officials and administration, as well as best practices in how to integrate risk into municipal processes such as strategic planning, budgeting and capital planning, and asset management. Various tools for council and administration are provided including a sample municipal risk policy statement, a glossary of terms, common municipal risks and risk types, and a scoring system for measuring the likelihood and impact of risks.

The risk register is a user-friendly tool that allows municipalities to identify, manage, and monitor their risks. Once you download the Excel-based risk register to your computer, you can customize it to your municipality, and use it to track and communicate your municipality’s specific risks. Try it out, and create your municipality’s automated and customized ERM reports.

AUMA’s advocacy team would be happy to help you in understanding how to utilize the toolkit. If you would like assistance, please contact us.