Enterprise risk management (ERM) is a relatively new discipline that focuses on identifying, analyzing, monitoring, and controlling all major risk classes (e.g., credit, market, liquidity, operational risk classes). Operational risk management (ORM) is a subset of ERM that focuses on identifying, analyzing, monitoring, and controlling operational risk. The purpose of this article is to explain what enterprise risk management is and how operational risk management first into the ERM framework. In our conclusion, we discuss what is likely to happen in the ERM/ORM environment over the next 5 years.