2. What is Enterprise Risk Management?
Designed to identify and assess potential events affecting the entity and manage risk within its risk appetite.
Effected by the Board, management and other personnel.
Applied in strategy setting, across the enterprise.
Able to provide reasonable assurance regarding the achievement of the entity's objectives.
Applied across the enterprise, at every level and unit, and includes taking an entity-level portfolio view of risk.
Enterprise Risk Management (ERM) establishes a framework to
identify, measure, monitor and manage risk.
3. Why Do We Need ERM?
While traditional risk management focused on asset protection, ERM offers a more holistic approach, integrating all departments and functions into a single program towards managing risk.
4. A comprehensive ERM program will:
Align the firm's risk appetite with its business objectives.
Identify/manage multiple and cross-enterprise risks.
Reduce frequency and severity of operational surprises.
Enhance the rigor of risk-response decisions.
Build confidence of investment community and stakeholders.
Successfully respond to a changing business environment.
Proactively seize the opportunities presented to the firm.
5. The COSO ERM Framework
The COSO ERM framework has eight interrelated components, which represent what is needed to achieve the entity's objectives. (This is the 2004 COSO ERM Integrated Framework; the 2017 update, ERM: Integrating with Strategy and Performance, reorganized the content into five components and 20 principles.)
Entity objectives can be viewed in the context of four categories:
Strategic
Operations
Reporting
Compliance
6. Embracing ERM - Implementation Involves
Retaining the need for risks to be managed and owned at the business function level.
A shift in processes and culture of the organization.
Strengthened communication, training, and awareness.
Building processes to track risks.
Building an enterprise-wide analysis of risks for senior executive and Board review.
7. Creating an Effective ERM Program
Conduct an enterprise risk assessment
• Include all stakeholders
• Prioritize the risks
Articulate the risk management vision
• Identify risk management capabilities – be specific
• Have a holistic plan
• The plan includes policies, processes, oversight and reporting
Pick one or two key risks and address them
• Ensure the proper program is in place for these risks
• Test the program
• Evaluate the program for success
Expand the program to other risks in order of priority
• Components: Internal Controls; Monitor, Test and Audit; Risk Managers; Senior Management Control; Board oversight independent of management
8. Common Issues in Creating an Effective ERM Program
Inconsistent use of risk definitions and terminologies
Lack of risk awareness throughout the organization
Inadequate focus on how to identify risk
Lack of clarity on responsibilities for risk
Insufficient rigor / consistency in risk evaluation
Lack of structure in risk decisions – right people / right data / right time
Inability / lack of effective self-assessment
9. Want to learn more about ERM, and best practices to implement an effective ERM program? ComplianceOnline webinars and seminars are a great training resource. Check out the following links:
• Establishing Effective Enterprise Risk Management (ERM) for Achieving Good Compliance
• COSO ERM Simplified - Implementation for Government and Small Businesses
• Internal Audit's Role in Enterprise Risk Management
• Integrating Ethics and Compliance Risks into your Enterprise Risk Management Program