Enterprise risk management
(ERM) in business
includes the methods and processes used by organizations to manage risks and
seize opportunities related to the achievement of their objectives. ERM
provides a framework for risk management,
which typically involves identifying particular events or circumstances
relevant to the organization's objectives (risks and opportunities), assessing
them in terms of likelihood and magnitude of impact, determining a response
strategy, and monitoring progress. By identifying and proactively addressing
risks and opportunities, business enterprises protect and create value for
their stakeholders, including owners, employees, customers, regulators, and
society overall.
ERM can also be described as a risk-based
approach to managing an enterprise, integrating concepts of internal control,
the Sarbanes–Oxley Act, and strategic planning. ERM is evolving to address the needs of various
stakeholders, who want to understand the broad spectrum of risks facing complex
organizations to ensure they are appropriately managed. Regulators and debt
rating agencies have increased their scrutiny of the risk management processes
of companies.
Policy of ERM:
The risk management policy must set out the organization's approach and
attitude towards risk, as well as its approach to risk management. The policy
must also identify risk management responsibilities within the organization as
a whole.
The organization must also refer to any legal requirements regarding its policy statement; health and safety is an example.
An integrated set of tools and techniques is associated with the risk management process, for use in the various stages of activity.
To work effectively, the risk management process requires:
- Commitment from the CEO and directors of the organization.
- Distribution of responsibilities within the organization.
- Allocation of appropriate resources to train stakeholders and develop their awareness of risks.
COSO ERM framework
The COSO
"Enterprise Risk Management-Integrated Framework", published in 2004,
defines ERM as a "…process, effected by an entity's board of directors,
management, and other personnel, applied in strategy setting and across the
enterprise, designed to identify potential events that may affect the entity,
and manage risk to be within its risk appetite,
to provide reasonable assurance regarding the achievement of entity objectives."
The COSO ERM Framework has eight components and four
objectives categories. It is an expansion of the COSO Internal Control-Integrated
Framework published in 1992 and amended in 1994. The eight components -
additional components highlighted - are:
- Internal Environment
- Objective Setting
- Event Identification
- Risk Assessment
- Risk Response
- Control Activities
- Information and Communication
- Monitoring
The four objectives categories - additional components
highlighted - are:
- Strategy - high-level goals, aligned with and supporting the
organization's mission
- Operations - effective and
efficient use of resources
- Financial Reporting -
reliability of operational and financial reporting
- Compliance - compliance with
applicable laws and regulations
Common challenges in ERM implementation
Various consulting firms offer suggestions for how to
implement an ERM program.[5] Common
topics and challenges include:
- Identifying executive sponsors
for ERM.
- Establishing a common risk
language or glossary.
- Describing the entity's risk appetite
(i.e., risks it will and will not take).
- Identifying and describing the
risks in a "risk inventory".
- Implementing a risk-ranking
methodology to prioritize risks within and across functions.
- Establishing a risk committee
and/or Chief Risk Officer (CRO) to coordinate certain activities of the risk
functions.
- Establishing ownership for
particular risks and responses.
- Demonstrating the cost-benefit
of the risk management effort.
- Developing action plans to
ensure the risks are appropriately managed.
- Developing consolidated
reporting for various stakeholders.
- Monitoring the results of
actions taken to mitigate risk.
- Ensuring efficient risk
coverage by internal auditors, consulting teams, and other evaluating
entities.
- Developing a technical ERM
framework that enables secure participation by 3rd parties and remote
employees.
Current issues in ERM
The risk management processes of U.S.
corporations are under increasing regulatory and private scrutiny. Risk is an
essential part of any business. Properly managed, it drives growth and
opportunity. Executives struggle with business pressures that may be partly or
completely beyond their immediate control, such as distressed financial
markets; mergers, acquisitions and restructurings; disruptive
technology change; geopolitical
instabilities; and the rising price of energy.
The role of the enterprise in dealing with risks
- Create a harmonious team that works effectively to deal with and manage risks efficiently.
- Use a voting system for each type of risk, in terms of probability of occurrence and level of impact.
- Prepare tables for recording and monitoring natural hazards and other high-impact risks.
- Prepare a follow-up report for each type of high-impact risk.
- Follow up and continuously monitor the group's work to correct errors.
- Develop an integrated plan, supported by team members, that can be taken through to application.
- Periodically review the plan, report on it, and correct errors.
References
Arab Forum for Human Resources
WIKIPEDIA
http://www.carajkumarradukia.com