How to Create an Effective ERM

Program?

What is Enterprise Risk

Management?
Enterprise Risk Management (ERM) establishes a
framework to identify, measure, monitor and manage
risk.
Designed to
identify and
assess
potential
events
affecting the
entity and
manage risk
within its risk
appetite.

Effected by the
Board,
Management
and other
personnel.

Applied in
strategy
setting, across
the enterprise.

Able to provide
reasonable
assurance
regarding the
achievement
of the entity
objectives .

Applied across
the enterprise,
at every level
and unit, and
includes taking
an entity-level
portfolio view
of risk.

Why Do We Need ERM?

While traditional risk

management focused on
asset-protection, ERM
offers a more holistic
approach, integrating all
departments and
functions into a single
program towards
managing risk.

A comprehensive ERM program will

Align firms risk appetite with business objectives.
Identify/manage multiple and cross-enterprise risks.
Reduce frequency and severity of operational
surprises.
Enhance the rigor of risk-response decisions.
Build confidence of investment community and
stakeholders.
Successfully respond to a changing business
environment.
Proactively seize on the opportunities presented to the
firm.

The COSO ERM Framework

Strategic
The COSO ERM
framework has
eight
interrelated
components,
which
represents what
is needed to
achieve the
entities
objectives.

Entity
objectives
can be
viewed in
the context
of four
categories:

Operations

Reporting

Complianc
e

Embracing ERM- Implementation

Involves
Retaining the need for risks to be managed and owned at the business
function level.
A shift in processes and culture of the organization.

Strengthened communication, training, and awareness.

Building processes to track risks.

Building an enterprise-wide analysis of risks for senior executive and
Board review.

Creating an Effective ERM

Program
Conduct an
enterprise risk
assessment
Include all
stakeholders
Prioritize the risks

Articulate the
risk
management
vision
Identify risk
management
capabilities be
specific
Have a holistic plan
The plan includes
policies, processes,
oversight and
reporting

Pick one or two

key risks and
address them
Ensure the proper
program is in place
for these risks
Test the program
Evaluate the
program for success

Expand the
program for other
risks in order of
priority
Components
Internal Controls
Monitor, Test and Audit
Risk Managers
Senior Management
Control
Board oversight
independent of
management

Common Issues in Creating

Effective ERM Program

Inconsistent
use of risk
definitions
and
terminologies

Lack of risk
awareness
throughout
the
organization

Inadequate
focus on how
to identify
risk

Lack of clarity
on
responsibilitie
s for risk

Insufficient
rigor /
consistency
in risk
evaluation

Lack of
structure in
risk decisions
right people
/ right data /
right time

Inability / lack
of effective
selfassessment

Want to learn more about ERM, and best practices to

implement effective ERM program? ComplianceOnline
webinars and seminars are a great training resource.
Check out the following links:
Establishing
Effective Enterprise Risk Management (ERM) fo
r Achieving Good Compliance
COSO ERM Simplified-Implementation for Govern
ment and small businesses
Internal Audit's Role in Enterprise Risk Manage
ment
Integrating Ethics and Compliance Risks into y
our Enterprise Risk Management Program

To know more on ERM visit

www.complianceonline.com

Thank You