Although the construction industry is project-based, risk management should cover risks at both project and enterprise levels because overemphasis on project risk management would lead to some limitations. As a holistic and integrated risk management approach, enterprise risk management (ERM), which agrees with the modern portfolio theory, deals with the entire risk portfolio of a firm and has been advocated in the construction industry. This study provides an understanding of ERM in construction firms and proposes an ERM framework for construction firms, based on the literature review. The components in this proposed framework represent the fundamentals of ERM. This framework could serve as a guide for ERM implementation in construction firms. As few studies have been focused on ERM in construction firms, it is believed that the proposed framework can contribute to the existing body of knowledge relating to ERM.