How to Create an Effective ERM Program?
What is Enterprise Risk Management? Enterprise Risk Management (ERM) establishes a framework to identify, measure, monitor and manage risk.
Designed to identify and assess potential events affecting the entity and manage risk within its risk appetite.
Effected by the Board, Management and other personnel.
Applied in strategy setting, across the enterprise.
Able to provide reasonable assurance regarding the achievement of the entity objectives .
Applied across the enterprise, at every level and unit, and includes taking an entitylevel portfolio view of risk.
Why Do We Need ERM?
While traditional risk management focused on assetprotection, ERM offers a more holistic approach, integrating all departments and functions into a single program towards managing risk.
A comprehensive ERM program will:
Align firm’s risk appetite withcross-enterprise business objectives. Identify/manage multiple and risks. Reduce frequency and severity of operational surprises. Enhance the rigor of risk-response decisions. Build confidence of investment community and stakeholders. Successfully respond a changing business environment. Proactively seize on thetoopportunities presented to the firm.
The COSO ERM Framework Strategic
The COSO ERM framework has eight interrelated components, which represents what is needed to achieve the entities objectives.
Entity objectives can be viewed in the context of four categories:
Operations
Reporting
Compliance
Embracing ERM- Implementation Involves Retaining the need for risks to be managed and owned at the business function level.
A shift in processes and culture of the organization.
Strengthened communication, training, and awareness.
Building processes to track risks.
Building an enterprise-wide analysis of risks for senior executive and Board review.
Creating an Effective ERM Program Conduct an enterprise risk assessment
Articulate the risk management vision
Pick one or two key risks and address them
Expand the program for other risks in order of priority
• Include all stakeholders • Prioritize the risks
• Identify risk management capabilities – be specific • Have a holistic plan • The plan includes policies, processes, oversight and reporting
• Ensure the proper program is in place for these risks • Test the program • Evaluate the program for success
• • • • •
Components Internal Controls Monitor, Test and Audit Risk Managers Senior Management Control • Board oversight independent of management
Common Issues in Creating Effective ERM Program
Inconsistent use of risk definitions and terminologies
Lack of risk awareness throughout the organization
Inadequate focus on how to identify risk
Lack of clarity on responsibilities for risk
Insufficient rigor / consistency in risk evaluation
Lack of structure in risk decisions – right people / right data / right time
Inability / lack of effective selfassessment
Want to learn more about ERM, and best practices to implement effective ERM program? ComplianceOnline webinars and seminars are a great training resource. Check out the following links: • Establishing Effective Enterprise Risk Management (ERM) for Achieving Good Compliance • COSO ERM Simplified-Implementation for Government and small businesses • Internal Audit's Role in Enterprise Risk Management
• Integrating Ethics and Compliance Risks into your Enterprise Risk Management Prog
To know more on ERM visit www.complianceonline.com
Thank You