
Standard Practice for Enterprise Risk Management (ERM)
1.1 This practice establishes a structured framework for identifying, assessing, treating, monitoring, and communicating risk across an organization. It provides a common language and approach to risk that supports the integration of enterprise risk management (ERM) into governance, strategic planning, decision-making, and operational processes. The goal is to enhance resilience, ensure compliance with legal and regulatory obligations, and promote organizational sustainability and continuity.
1.2 This practice applies to all levels of an organization, including governance, strategy, operations, and assurance functions. It is designed for use by organizations of all sizes and sectors, both public and private. The practices outlined herein are designed to support effective management of financial, operational, strategic, technological, legal, environmental, compliance, and reputational risks.
1.3 Managing risk across the enterprise is an iterative and systematic process that enables organizations to:
1.3.1 Set strategic direction and define risk appetite and risk tolerance;
1.3.2 Align risk management efforts across all components of the management system (MS);
1.3.3 Balance risk exposure with financial constraints while working toward strategic objectives;
1.3.4 Ensure compliance with applicable legal, regulatory, contractual, and policy-based obligations;
1.3.5 Make informed decisions at all organizational levels, including governance, strategy, tactical operations, and frontline activities.
1.4 The enterprise risk management (ERM) approach outlined in this practice is applicable to all types of risks, including those identified through a structured PESTLE (Political, Economic, Social, Technological, Legal, and Environmental) analysis. The use of the PESTLE framework helps organizations assess external and internal context and ensures comprehensive risk identification.
Note 1: Annex A1 provides examples of PESTLE-based risk factors and their relevance to specific industries and organizational functions.
1.5 This standard does not purport to address all of the safety concerns, if any, associated with its use. It is the responsibility of the user of this standard to establish appropriate safety, health, and environmental practices and determine the applicability of regulatory limitations prior to use.
1.6 This international standard was developed in accordance with internationally recognized principles on standardization established in the Decision on Principles for the Development of International Standards, Guides and Recommendations issued by the World Trade Organization Technical Barriers to Trade (TBT) Committee.