ERM once implemented is a ongoing process. Two important steps post ERM implementation are:
1. Monitoring
2. Strengthening
Monitoring
Monitoring process involves regularly presenting all possible risk issues to a central platform and preparing an action plan to overcome those risks.
A strong monitoring process can be laid by implementing a reporting process wherein each unit reports its existing and potential risk issues along defined metrices to a sub-risk committee. Sub-risk committee can comprise of all unit heads of a Enterprise or further sub-divided on the basis of business size and geographies.
Important risk issues filtered through these sub-risk committee should flow in Risk committee which should comprise of senior management and should have representation of board.
Strengthening
ERM should provide a system wherein it is possible to gauge new risk types and issues which can possibly affect an enterprise.
An important tool to take care of strengthening process is Key Risk Indicator (KRI)
KRI give us an early warning to identify potential event that may harm continuity of activity / project.
Forex – % of NPA (non performing assets) is the most important indicator of the health of a bank’s portfolio.
An effective method for developing KRIs begins by analyzing a risk event that has affected the organization in the past (or present) and then working backwards to pinpoint intermediate and root cause events that led to the ultimate loss or lost opportunity.
Image Credit: Coso.org