The definition contains a number of key phrases. Firstly, ERM is initiated by the board of directors in the first instance, but is cascaded across the organisation via line management. Secondly, it is broad based because it encompasses all potential events that may affect achievement of objectives. Lastly, ERM aims to contain risk within the boundaries of a specified risk appetite and provide reasonable assurance in this regard.