There appears to be a growing view that Risk does not need to be aggregated to have an effective ERM. I believe this is due to a combination of the rush of inadequate software products on the market and the infiltration of Q.A. mentality into ERM.
Enterprise Compliance Today
This week I thought I'd re-print an extract from an interview with Greg Carroll by Greg Hutchins from US based Certified Enterprise Risk Manager® (CERM) Academy, on my upcoming book "Mastering 21st Century Enterprise Risk Management".
Without aggregation, ERM loses any meaning and purpose. (see Why Aggregate Risk in ERM) So if accepting the need to aggregate risk, both from business units to group and between diverse natures of risk, how do you aggregate risks?