What is Enterprise Risk Management (ERM)?
ERM manages risk at the whole-organization level — strategic, financial, operational, reputational, compliance — setting the risk appetite that cascades down into portfolio, program, and project thresholds. Project risk management plugs into it: your project's "high impact" definition was (or should have been) derived from the enterprise's.
The flow runs both ways: projects escalate risks that breach organizational tolerance, and ERM's appetite shapes which projects get selected at all.
Worked example
A utility's ERM framework caps total construction exposure in wildfire zones. When a transmission project's route optimization proposes 40 km through high-risk terrain — fine by the project's own numbers — the enterprise threshold vetoes it, and the routing constraint enters the charter. The project never even sees the risk debate; ERM had it years earlier, once, for every project to come.