By Frank David, Enterprise Risk Management Alumnus (’25SPS, ERM), School of Professional Studies
Before applying to Columbia University School of Professional Studies (SPS), I had recently completed my Executive MBA from Thunderbird School of Global Management and had joined MUFG Bank as a vice president on a large-scale BCBS 239 transformation program. I came from a consulting background where I had worked on complex transformations across asset management firms, financial institutions, and technology-driven organizations. I was comfortable with execution and delivery.
However, that confidence changed quickly once I stepped into the BCBS 239 transformation program. I realized I did not truly understand risk. Meetings felt like a black box. Risk terminology was used with ease, yet I struggled to connect those concepts to the work I was doing. After every meeting, I found myself researching terms and trying to piece things together. It was inefficient and unsatisfying.
I was not looking for definitions alone. I wanted a starting point. I wanted to understand where these concepts came from and why they existed. That search led me to the Enterprise Risk Management (ERM) program at SPS. When I understood how enterprise risk sits above individual risk types and provides structure to decision-making, I applied immediately.
My ERM Program Experience
The Enterprise Risk Management program gave me exactly what I had been searching for: structure. My journey in the program began with traditional ERM, and many of the questions I had carried for years were answered even before I asked them. Starting with a clear explanation of what risk actually is, supported by simple and memorable examples, created a strong foundation that still stays with me.
As a full-time professional, I appreciated the flexibility of the program. I did not have to step away from demanding work to learn. Instead, I could apply concepts in real time to active regulatory and transformation challenges. That immediate feedback loop accelerated my learning in a way no standalone training ever had.
Frameworks such as COSO ERM 2017 and ISO 31000 were presented as practical tools rather than abstract standards. Concepts like the three lines of defense finally made sense in context. The distinction between traditional ERM and value-based ERM was especially impactful. I learned how qualitative risks identified through traditional ERM can be translated into more measurable and quantifiable inputs under a value-based approach. That shift helped me understand how organizations move from simply describing risk to prioritizing it and using it to inform strategy.
One course that stood out to me was Risk Regulation in Finance. It aligned closely with my professional experience and helped bridge theory with practice. The course examined how regulations are developed, interpreted, and enforced, and it included meaningful interaction with industry practitioners across multiple risk areas. Those discussions helped me better understand how regulatory intent flows into operational and capital decisions within financial institutions.
I applied what I learned directly in my career. Because I understood the intent behind frameworks, I could challenge ideas thoughtfully rather than rely on assumptions. Understanding Basel as a macroprudential framework designed at a global level and implemented by regional regulators brought clarity to complex efforts such as FR Y-14Q. I could clearly explain why regulators like the Federal Reserve and the OCC focus so closely on capital adequacy and buybacks. Over time, I became a source of regulatory and business context for technology and implementation teams.
Beyond my immediate role, I began advising colleagues who were exploring different risk domains. I helped point them toward relevant knowledge areas such as COBIT and NIST and shared practical insights from both the program and my experience. Over time, colleagues with decades of experience in risk roles began seeking my perspective, which reinforced the depth and usefulness of the foundation the program provided. I also applied tools such as Failure Modes and Effects Analysis, which materially improved project outcomes and helped one initiative stand out within a broader transformation effort.
While I did not participate extensively in formal clubs, the value of the program came through interactions with peers and faculty. Those discussions added perspective and depth, and I strongly encourage incoming students to engage actively with their cohort and instructors.
Conclusion
I am currently working as a vice president at Wells Fargo in regulatory transformation, where I continue to apply the frameworks and thinking I gained through ERM every day. The program reshaped how I approach complexity, governance, and decision-making. It did not add more terminology. It gave me clarity and a solid foundation.
To new students, ERM is an ocean. There is an immense amount to learn. I entered the program looking for answers and left with clarity. If risk has touched your work or shaped the questions you are asking, there is no better place to learn. Be intentional about what you want from the program, because you will have access to an extraordinary depth of knowledge, experience, and insight.
About the Program
The Master of Science in Enterprise Risk Management (ERM) program at Columbia University prepares graduates to inform better risk-reward decisions by providing a complete, robust, and integrated picture of both upside and downside volatility across an entire enterprise. For both the full-time and part-time options, students may take all their courses on Columbia’s New York City campus or choose the synchronous online class experience.
Learn more about the program here.
