ERM is the process of identifying and addressing methodically the potential events that represent risks to the achievement of strategic objectives, or to opportunities to gain competitive advantage.
The fundamental elements of ERM are the assessment of significant risks and the implementation of suitable risk responses. Risk responses include: acceptance or tolerance of a risk; avoidance or termination of a risk; risk transfer or sharing via insurance, a joint venture or other arrangement; and reduction or mitigation of risk via internal control procedures or other risk prevention activities.
Other important ERM concepts include the risk philosophy or risk strategy, risk culture and risk appetite. These are expressions of the attitude to risk in the organisation, and of the amount of risk that the organisation is willing to take.
Management responsibilities include the risk architecture or infrastructure, documentation of procedures or risk management protocols, training, monitoring and reporting on risks and risk management activities.
What benefits does ERM provide?
- Greater awareness about the risks facing the organisation and the ability to respond effectively
- Enhanced confidence about the achievement of strategic objectives
- Improved compliance with legal, regulatory and reporting requirements
- Increased efficiency and effectiveness of operations
Questions to consider when Implementing ERM
- What are the main components or drivers of our business strategy?
- What internal factors or events could impede or derail each of these components?
- What external events could impede or derail each of the components?
- Do we have the right systems and processes in place to address these internal and external risks?
Comments