Building A Robust Enterprise Risk Management (ERM) Program
Building A Robust Enterprise Risk Management (ERM) Program
There is no getting past the fact that running and owning a business involves risk. On the other hand, taking on too much risk will probably reduce a company's worth, use up a large portion of its working capital, and possibly result in bankruptcy if the dangers become overwhelming.
In general, no firm can function without risk. Those that do so will unavoidably lose out on prospects for growth and most likely be overtaken by more aspirational rivals. As a result, putting in place a structured Enterprise Risk Management (ERM) program is one approach to manage the "risk profile" of an organisation.
The presence of internal controls in a firm are to make sure that frauds are prevented, maintain proper governance and compliance, and reduce the errors. However, a robust ERM program goes much further since this framework addresses risks from different levels of an organisation. The purpose of having an ERM framework not only helps in identification of risks, but also in defining operational and compliance objectives.
As far as traditional risk management techniques are concerned, these used to be addressed as being informal, where each department focused only on minimising its own risks, which is limited in terms of efficiency and effectively reduced risk management into silos. Traditional risk management fails to address how risks may arise in the way departments interact — or don’t interact — with each other. It is also perceived to have a goal of eliminating risk completely, where the main goal is to optimise risk and being able to operate the business under acceptable levels of inevitable risk.
Helping you build a better ERM framework
Having an ERM framework has a completely different approach, since it recognises that many risks are enterprise-wide and interrelated. In general, the ERM framework of every company will be different based on the size, structure and line of business. One of the most helpful frameworks that has been used by many businesses is the Committee of Sponsoring Organisations of the Treadway Commission’s (COSO’s) Enterprise Risk Management — Integrated Framework, which was originally published in 2004.The original COSO framework covers four categories of objectives mainly strategic, operations, reporting and compliance. It also sets eight key components, namely:
- Internal environment
- Objective setting
- Event identification
- Risk assessment
- Risk response
- Control activities
- Information and communication
- Monitoring