ERM Framework

What is Enterprise Risk Management?

Committee of Sponsoring Organizations of the Treadway Commission (COSO) defines ERM as:

Enterprise risk management is a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.

Enterprise risk management requires an entity to take a portfolio view of risk. It considers activities at all levels of the organization

ERM NEEDS AND BENEFITS
A good business knows well that there is nothing like closely monitoring business and financial risks and implementing mitigation plans and risk management strategies based on data measures. Risk Management is an effective tool for managing the uncertainties resulting from various business risks. Many of these business risks go beyond traditional risk that can be insured. In today’s business environment, not all risks can be insured. Infact, some risks are better retained within the business and managed for better returns.

WHY ERM

In August 2004, Committee of Sponsoring Organizations (COSO) issued its Enterprise Risk Management – Integrated Framework after completing. The framework, which includes an executive summary and application techniques, expands on the Internal controls framework.

Why Implement ERM

COSO states that ERM assists management with aligning risk appetite and strategy, enhancing risk response decisions, reducing operational surprises and losses, identifying and managing cross enterprise risks, providing, seizing opportunities and improving deployment of capital.

Below are some of the key reason why companies should strongly consider implementation of ERM.

1. Providing economic direction for the Enterprise

By aligning risk appetite with strategy, an enterprise is able to set an economic expectation. Once the corporate strategy has been determined, the risk profile is tailored to execute these strategies. Alignment of risk and strategy ensures that the company is heading in the direction it wants to go and not subject to internal and external risk factors that it has not anticipated in strategy setting.

2. Anticipate risk impacts with greater precision
By having an integrated risk management framework, companies will be better able to identify, measure and monitor risks and ultimately assess, in advance, the impacts of these risks on business results. Companies without these frameworks, or limited “silo-ed” approach have a vague idea of the future losses or unexpected gains from these risks.

In today’s almost immediate transfer of information across the globe and with brutal capital market environment, no company would like to present its earnings different from its forecasts.

3. Segregate risks into action type based on risk appetite

Another key reason for implementation of ERM is to segregate the risks into three main types. 1. Manage Risks, 2) Transfer Risk and 3) Accept risk. A well structured framework enables the company to perform a cost benefit analysis of the various risks and determine what the enterprise should do with a certain risk. Transfer or insuring the risk is not always the best solution especially if it can be managed or converted to an opportunity through risk management techniques. And finally, it is a good business decision to accept some risks and keep them. The ERM framework will provide monitoring tools to constantly assess the impacts of the risks that have been retained.