How to Create an Effective ERM Program?

What is Enterprise Risk Management?

Designed to identify and

assess potential events affecting the entity and manage risk

within its risk appetite.

Effected by the Board,

Management and other personnel.

Applied in strategy setting,

across the enterprise.

Able to provide reasonable assurance

regarding the achievement of

the entity objectives .

Applied across the enterprise, at

every level and unit, and includes taking an entity-

level portfolio view of risk.

Enterprise Risk Management (ERM) establishes a framework to identify, measure, monitor and manage risk.

Why Do We Need ERM?

While traditional risk management focused on asset-protection, ERM offers a more

holistic approach, integrating all departments and functions into

a single program towards managing risk.

A comprehensive ERM program will:

Align firm’s risk appetite with business objectives.

Identify/manage multiple and cross-enterprise risks.

Reduce frequency and severity of operational surprises.

Enhance the rigor of risk-response decisions.

Build confidence of investment community and stakeholders.

Successfully respond to a changing business environment.

Proactively seize on the opportunities presented to the firm.

The COSO ERM Framework

The COSO ERM framework has

eight interrelated components,

which represents what is needed to

achieve the entities objectives.

Entity objectives can be viewed in

the context of four

categories:

Strategic

Operations

Reporting

Compliance

Embracing ERM- Implementation Involves

Retaining the need for risks to be managed and owned at the business function level.

A shift in processes and culture of the organization.

Strengthened communication, training, and awareness.

Building processes to track risks.

Building an enterprise-wide analysis of risks for senior executive and Board review.

Creating an Effective ERM Program

Conduct an enterprise risk assessment• Include all stakeholders• Prioritize the risks

Articulate the risk management vision• Identify risk management

capabilities – be specific• Have a holistic plan• The plan includes policies,

processes, oversight and reporting

Pick one or two key risks and address them• Ensure the proper

program is in place for these risks

• Test the program• Evaluate the program for

success

Expand the program for other risks in order of priority• Components

• Internal Controls• Monitor, Test and Audit• Risk Managers• Senior Management Control• Board oversight independent

of management

Common Issues in Creating Effective ERM Program

Inconsistent use of risk definitions and terminologies

Lack of risk awareness throughout the organization

Inadequate focus on how to identify risk

Lack of clarity on responsibilities for risk

Insufficient rigor / consistency in risk evaluation

Lack of structure in risk decisions – right people / right data / right time

Inability / lack of effective self-assessment

Want to learn more about ERM, and best practices to implement effective ERM program? ComplianceOnline webinars and seminars are a great training resource. Check out the following links:• Establishing

Effective Enterprise Risk Management (ERM) for Achieving Good Compliance

• COSO ERM Simplified-Implementation for Government and small businesses

• Internal Audit's Role in Enterprise Risk Management• Integrating Ethics and Compliance Risks into your Enterprise Risk

Management Program

Thank You

To know more on ERM visit www.complianceonline.com