1. How is the Enterprise Risk Management function organized?
1a. How many levels down from the CEO is the Head of Enterprise Risk Management located?
1b. What corporate function does the Head of ERM report into?
2. Is there an Integrated Risk Management Function (beyond Operations)?
2a. If there is an IRM function, how is it organized and what are the areas of responsibility?
3. Is there an Operations Risk Management Function?
3a. If so, how is it organized and what are the areas of responsibility?

VP of Other in Banking, a month ago

CEO - CAO/CRO - Head of ERM - Financial Risk Management + Non-Financial Risk Management 

Integrated Risk Management is managed through the lens of the COSO framework, leveraging GRC strategies and technology to execute the risk management cycle across the three lines of defense.

VP, 6 months ago

1. ERM also incorporates Business Continuity Management and Crisis Management
1a. 2
1b. Group Governance (CGO)

2. & 3. No, but numerous elements are included in my function.

Integrated Risk Management, Senior Director in Manufacturing, 8 months ago

We're a Consumer Company; ERM is two levels down from the CEO (and reporting under the COO it's the CRO). We have IRM (one level down and reporting under ERM). IRM is beyond Operations and engages with all Corporate functions & Business Leads across the Company. We cover Strategic Alignment, Risk Governance (Policies, Procedures, SOPs, etc.), Risk Mgmt. Capabilities such as Integrated Risk Assessments, Crisis Mgmt. & Resilience (BCM), Risk Information, Risk Awareness (Culture & Accountability), and E2E Risk Mgmt. (to include Data Analytics). Also, the Team has "boots on the ground" to cover critical markets.

VP of Risk Management in Finance (non-banking), 8 months ago

1. I am the VP of ERM which consists of (ERM Governance, Compliance Risk Management, Operational Risk Management and Technology/Security Risk Mgmt).  
1a.  I am 3 levels down from the CEO. 
1b. I report to the CRCO
2. We do not have a defined Integrated Risk Management function, although we do have integrated risk assurance forums to enable alignment between the 1st, 2nd and 3rd line assurance functions.
3. Yes, we have an Operations Risk Mgmt Function that falls under me. I have a direct report/subordinate that manages the day-to-day of that program and a team of 6 risk analysts. The Operational Risk and Control Assurance team (as we call it) is responsible for working with the 1st line to: educate them in risk mgmt., identify the key risks, develop risk registers, conduct risk assessments and perform control testing and validation activities.

Director of Enterprise Risk in Construction, 9 months ago

1. I am Director of Enterprise Risk Management, and I also oversee Internal Audit, Business Process & Policy, Data Analytics, and DEI.
1a. I am two levels down from the President/CEO.
1b. I report to the COO.
2 and 3. We do not have any distinct, defined Integrated Risk Management or Operations Risk Management function, although I factor those concepts into the ERM framework.

(We are a local governmental authority.)
