Enterprise Risk Management (ERM) is a framework that is used by large organizations to manage risk as a whole. The key difference between ERM and traditional risk management is that in the latter risks are managed individually, whilst the former requires the aggregation of risks to facilitate risk management. However, current methods for risk aggregation have various limitations when applied under the context of ERM, such as the requirement for accurate and complete information about risk factors, the inability to handle different kinds of uncertainty which are inevitable during the risk aggregation process, and so on. Due to its unique advantages in accommodating different forms of both complete and incomplete information and handling different kinds of uncertainty, the Evidential Reasoning (ER) approach together with its implementation entitled Intelligent Decision System (IDS) is introduced in this paper for risk aggregation in ERM to overcome the limitations and to provide a comprehensive analysis for risk management based on the aggregation result. To demonstrate the applicability of the ER approach and IDS in ERM, a case study is analyzed in detail regarding risk aggregation and risk management for a health care organization in North England.