how to create an effective enterprise risk management program?
How to Create an Effective ERM Program?
What is Enterprise Risk Management?
Designed to identify and assess potential events affecting the entity and manage risk within its risk appetite.
Effected by the Board, Management and other personnel.
Applied in strategy setting, across the enterprise.
Able to provide reasonable assurance regarding the achievement of the entity objectives.
Applied across the enterprise, at every level and unit, and includes taking an entity-level portfolio view of risk.
Enterprise Risk Management (ERM) establishes a framework to identify, measure, monitor and manage risk.
Why Do We Need ERM?
While traditional risk management focused on asset-protection, ERM offers a more holistic approach, integrating all departments and functions into a single program towards managing risk.
A comprehensive ERM program will:
Align firm’s risk appetite with business objectives.
Identify/manage multiple and cross-enterprise risks.
Reduce frequency and severity of operational surprises.
Enhance the rigor of risk-response decisions.
Build confidence of investment community and stakeholders.
Successfully respond to a changing business environment.
Proactively seize on the opportunities presented to the firm.
The COSO ERM Framework
The COSO ERM framework has eight interrelated components, which represent what is needed to achieve the entity's objectives.
Entity objectives can be viewed in the context of four categories:
Strategic
Operations
Reporting
Compliance
Embracing ERM: Implementation Involves
Retaining the need for risks to be managed and owned at the business function level.
A shift in processes and culture of the organization.
Strengthened communication, training, and awareness.
Building processes to track risks.
Building an enterprise-wide analysis of risks for senior executive and Board review.
Creating an Effective ERM Program
Conduct an enterprise risk assessment
• Include all stakeholders
• Prioritize the risks
Articulate the risk management vision
• Identify risk management capabilities – be specific
• Have a holistic plan
• The plan includes policies, processes, oversight and reporting
Pick one or two key risks and address them
• Ensure the proper program is in place for these risks
• Test the program
• Evaluate the program for success
Expand the program for other risks in order of priority
• Components
• Internal Controls
• Monitor, Test and Audit
• Risk Managers
• Senior Management Control
• Board oversight independent of management
Common Issues in Creating an Effective ERM Program
Inconsistent use of risk definitions and terminologies
Lack of risk awareness throughout the organization
Inadequate focus on how to identify risk
Lack of clarity on responsibilities for risk
Insufficient rigor / consistency in risk evaluation
Lack of structure in risk decisions – right people / right data / right time
Inability / lack of effective self-assessment
Want to learn more about ERM and best practices for implementing an effective ERM program? ComplianceOnline webinars and seminars are a great training resource. Check out the following links:
• Establishing Effective Enterprise Risk Management (ERM) for Achieving Good Compliance
• COSO ERM Simplified-Implementation for Government and small businesses
• Internal Audit's Role in Enterprise Risk Management
• Integrating Ethics and Compliance Risks into your Enterprise Risk Management Program
Thank You
To know more on ERM visit www.complianceonline.com