Risk Management Vs Enterprise Risk Management RM is the process of understanding and managing risks that the organization faces

in attempting to achieve its objectives ERM aligns risk management with business strategy and embeds a risk management culture into the business. It encompass whole organization and see risks as opportunity as much as hazard E&Y link ERM to shareholder value by involves: Protecting existing value Optimization of risk- Real options analysis Financial engineering of risk and capital- Alter risk/Return/WACC Benefit of ERM Aligning risk appetite and strategy Linking growth, risk and return Enchancing risk response decisions Minimising operational surprises and losses Identifying and managing cross-enterprise risks Providing integrated responses to multiple risks Seizing opportunities Rationalising capital COSO Committee of Sponsoring Organization of the Treadway Commission The Committee of Sponsoring Organizations of the Treadway Commission (COSO) is a joint initiative of five private sector organizations, established in the United States, dedicated to providing thought leadership to executive management and governance entities on critical aspects of organizational governance, business ethics, internal control, enterprise risk management, fraud, and financial reporting. COSO has established a common internal control model against which companies and organizations may assess their control systems. COSO is supported by five supporting organizations, including the Institute of Management Accountants (IMA), the American Accounting Association (AAA), the American Institute of Certified Public Accountants (AICPA), the Institute of Internal Auditors (IIA) and Financial Executives International (FEI). In 2003, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) (2003) published Enterprise Risk Management Framework . COSO dened enterprise risk management. This was updated in COSOs Enterprise Risk Management Integrated Framework (COSO, 2004). Enterprise risk management (ERM) is dened as A process, effected by an entitys board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.

ERM has four categories of objectives: 1. Strategic : high level goals which are aligned with the organizations mission; 2. Operations : ef cient and effective use of resources 3. Reliability of reporting ; 4. Compliance with laws and regulations . These categories may be the responsibility of different executives and address different needs of the entity. ERM also consists of eight inter-related components: 1. Internal environment : the tone of the organization, which sets the basis of how risk is viewed, including the risk management philosophy and risk appetite. 2. Objective setting : a process to set objectives that are aligned with the organizations mission and are consistent with its risk appetite. 3. Event identi cation: internal and external events affecting achievement of objectives must be identi ed, distinguishing between risks and opportunities. 4. Risk assessment : Risks are analyzed, considering likelihood and impact, as a basis for determining how they should be managed, both on an inherent (gross) and residual (net) basis. Gross and net risk are described later in this chapter. 5. Risk response : Management decides whether to avoid, accept, reduce or share risk, developing a set of actions to align risks with its risk appetite. 6. Control activities : policies and procedures help ensure the risk responses are effectively carried out. 7. Information and communication : Relevant information is identi ed, captured and communicated that enables people to carry out their responsibilities. 8. Monitoring : The entire ERM is monitored through ongoing management activities and separate evaluations and modi ed made where necessary. The COSO ERM comprises a three dimensional matrix in the form of a cube, which re ects the relationships between objectives, components, and different organisational levels. The COSO ERM cube is shown in Figure 5.5