GRC: How to Create an Effective ERM Program - PowerPoint PPT Presentation

About This Presentation
Title:

GRC: How to Create an Effective ERM Program

Description:

This quick reference guide discusses what is Enterprise Risk Management(ERM), its importance, the COSO framework and steps to create and implement an effective ERM program. – PowerPoint PPT presentation

Number of Views:122

less

Transcript and Presenter's Notes

Title: GRC: How to Create an Effective ERM Program


1
GRC How to Create an Effective ERM Program
2
What is Enterprise Risk Management ?
  • Enterprise Risk Management (ERM) establishes a
    framework to identify, measure, monitor and
    manage risk.
  • ERM is
  • Designed to identify and assess potential events
    affecting the entity and manage risk within its
    risk appetite.
  • Effected by the Board, Management and other
    personnel.
  • Applied in strategy setting, across the
    enterprise.
  • Able to provide reasonable assurance regarding
    the achievement of the entity objectives .
  • Applied across the enterprise, at every level and
    unit, and includes taking an entity-level
    portfolio view of risk.

3
Why Do We Need ERM?
  • While traditional risk management focused on
    asset-protection, ERM offers a more holistic
    approach, integrating all departments and
    functions into a single program towards managing
    risk.
  • A comprehensive ERM program will
  • Align firms risk appetite with business
    objectives.
  • Identify/manage multiple and cross-enterprise
    risks.
  • Reduce frequency and severity of operational
    surprises.
  • Enhance the rigor of risk-response decisions.
  • Build confidence of investment community and
    stakeholders.
  • Enhance corporate governance.
  • Successfully respond to a changing business
    environment.
  • Proactively seize on the opportunities presented
    to the firm.
  • Improve effectiveness of capital deployment.

4
The COSO ERM Framework
  • The COSO ERM framework has eight interrelated
    components, which represents what is needed to
    achieve the entities objectives.
  • Entity objectives can be viewed in the context of
    four categories
  • Strategic
  • Operations
  • Reporting
  • Compliance

5
Embracing ERM
  • The implementation of ERM involves
  • Retaining the need for risks to be managed and
    owned at the business function level.
  • A shift in processes and culture of the
    organization.
  • Strengthened communication, training, and
    awareness.
  • Building processes to track risks.
  • Building an enterprise-wide analysis of risks for
    senior executive and Board review.

6
Creating an Effective ERM Program
  • Conduct an enterprise risk assessment
  • Include all stakeholders
  • Prioritize the risks
  • Articulate the risk management vision
  • Identify risk management capabilities be
    specific
  • Have a holistic plan
  • The plan includes policies, processes, oversight
    and reporting
  • Pick one or two key risks and address them
  • Ensure the proper program is in place for these
    risks
  • Test the program
  • Evaluate the program for success
  • Expand the program for other risks in order of
    priority
  • Components
  • Internal Controls
  • Monitor, Test and Audit
  • Risk Managers
  • Senior Management Control
  • Board oversight independent of management

7
Common Issues in Creating Effective ERM Program
  • Inconsistent use of risk definitions and
    terminologies
  • Lack of risk awareness throughout the
    organization
  • Inadequate focus on how to identify risk
  • Lack of clarity on responsibilities for risk
    who
  • Insufficient rigor / consistency in risk
    evaluation
  • Lack of structure in risk decisions right
    people / right data / right time
  • Inability / lack of effective self-assessment

8
  • Want to learn more about ERM, and best practices
    to implement effective ERM program?
    ComplianceOnline webinars and seminars are a
    great training resource. Check out the following
    links
  • How to conduct a Compliance Gap Analysis for ERM?
  • Establishing Effective Enterprise Risk Management
    (ERM) for Achieving Good Compliance
  • COSO ERM Simplified-Implementation for Government
    and small businesses
  • Internal Audit's Role in Enterprise Risk
    Management
  • Essentials of ERM and Assessing its Effectiveness
    Using ISO 31000
  • Integrating Ethics and Compliance Risks into your
    Enterprise Risk Management Program
Write a Comment
User Comments (0)
About PowerShow.com