What is Enterprise Risk Management? Using the ISO 31000 definition of "risk" which says "the effect of uncertainty on objectives," allows the simultaneous view of both positive possibilities and negative impacts. When an organization uses enterprise risk management, it integrates the various stakeholders into the decision making. By establishing a context that will capture the environment to pursue an organization's objectives, its risk appetite and the diversity of risk criteria – all of which are critical to the nature and complexity of risks taken – can an organization enjoy greater success. For more information please visit the Division of Institutional Integrity.