Enterprise Risk Management

Enterprise Risk  Management

Enterprise Risk Management (ERM) is a holistic approach towards the risk issues faced by an enterprise.

Rather than the traditional approach of handling each risk separately, in ERM risk management is co-ordinated across departments to maximize efficiency and add value to the organization.

Comparison of ERM to previous approaches to Risk Management

  1. Covers all types of risk exposure (financial, operational, reporting, compliance, governance, strategic, reputationl etc.)
  2. Manage risks as combined portfolio rather than as individual risks.
  3. Effected by people at every level of organization.
  4. Gives value to a strong risk management process.
  5. Seeks to include risk management as a integral part of decision making process.

ERM Frameworks

There are a few important ERM frameworks which describe an approach for risk management (identify, assess and mange) within and organisation. These frameworks are mere guidance and no framework would apply as is to every organization. Every entity aiming to implement an ERM needs to think about its specific risks and opportunities and develop and implement a ERM plan accordingly.

Three most common ERM approaches are:

  • COSO ERM framework
  • CAS ERM framework

COSO ERM Framwork

COSO ERM framework divides entities objectives in to four categories

  • Strategic – high-level goals, aligned with and supporting its mission
  • Operations – effective and efficient use of its resources
  • Reporting – reliability of reporting
  • Compliance – compliance with applicable laws and regulations.

This categorization allows a focus on separate aspects of Enterprise Risk Management.

COSO ERM framework consists of eight interrelated components.

  • Internal Environment
  • Objective Setting
  • Event Identification
  • Risk Assessment
  • Risk Response
  • Control Activities
  • Information and Communication
  • Monitoring

Relationship of objectives and components

There is a direct relationship between objectives, which are what an entity strives to achieve, and enterprise risk management components, which represent what is needed to achieve them. The relationship is depicted in a three-dimensional matrix, in the form of a cube.

COSO ERM Framework

Share to download Executive Summary of COSO ERM Framework

[sociallocker id=”1679″]Thanks for sharing this lesson. Click here to download.[/sociallocker]

CAS ERM Framework

Casualty Actuarial Society defines ERM as the discipline by which an organization in any industry assesses, controls, exploits, finances, and monitors risks from all sources for the purpose of increasing the organization’s short- and long-term value to its stakeholders.”

Conceptual Framework

The CAS conceptualized ERM as proceeding across the two dimensions of risk type and risk management processes.

CAS ERM Framework

The risk management process involves:

  1. Establishing Context: This includes an understanding of the current conditions in which the organization operates on an internal, external and risk management context.
  2. Identifying Risks: This includes the documentation of the material threats to the organization’s achievement of its objectives and the representation of areas that the organization may exploit for competitive advantage.
  3. Analyzing/Quantifying Risks: This includes the calibration and, if possible, creation of probability distributions of outcomes for each material risk.
  4. Integrating Risks: This includes the aggregation of all risk distributions, reflecting correlations and portfolio effects, and the formulation of the results in terms of impact on the organization’s key performance metrics.
  5. Assessing/Prioritizing Risks: This includes the determination of the contribution of each risk to the aggregate risk profile, and appropriate prioritization.
  6. Treating/Exploiting Risks: This includes the development of strategies for controlling and exploiting the various risks.
  7. Monitoring and Reviewing: This includes the continual measurement and monitoring of the risk environment and the performance of the risk management strategies.

The risk types and examples include:

  • Hazard risk – Liability torts, Property damage, Natural catastrophe
  • Financial risk – Pricing risk, Asset risk, Currency risk, Liquidity risk
  • Operational risk – Customer satisfaction, Product failure, Integrity, Reputational risk
  • Strategic risks – Competition, Social trend, Capital availability

Share to download CAS – Overview of Enterprise Risk Management

[sociallocker id=”1679″]Thanks for sharing this lesson. Click here to download[/sociallocker]