This document provides an overview of enterprise risk management. It defines risk and risk management as processes for minimizing unfavorable outcomes at the lowest cost. Enterprise risk management is a common framework that identifies potential risks and manages opportunities to reasonably achieve organizational objectives. It also describes the components of an effective risk management organization, including infrastructure, planning, implementation, control, and maximizing firm value. Key components of risk management are identified as event identification and risk assessment, risk response, information and communication, monitoring, and control activities. An example is provided of risks that led to the bankruptcy of Baring Bank.