Academic journal article Journal of Accountancy
Implementing Enterprise Risk Management
Managing risk is imperative for successful leadership in today's business world. Leaders must develop processes like enterprise risk management (ERM) to improve their ability to manage risks effectively ERM cuts across an organization's silos to identify and manage a spectrum of risks. Consider these ERM action items:
[check] Resolve to proactively manage risks, rather than react to them. Implementing ERM takes total commitment by management, as well as recognition by the board of its responsibility.
[check] Clarify the organization's risk philosophy. As discussed in the COSO ERM framework (Enterprise Risk Management--Integrated Framework), organizations need to know their risk capacity in terms of people capability and capital. The board and management must come to an understanding, factoring in the risk appetite of all significant stakeholders.
[check] Develop a strategy. Since risk relates to the events or actions that jeopardize achieving the organization's objectives, effective risk management depends on an understanding of the organization's strategy and goals. One of the benefits of ERM implementation is the revelation that those responsible for achieving the objectives have varying degrees of understanding about them. ERM helps get everyone on the same page.
[check] Think broadly and examine carefully events that may affect the organization's objectives. This involves taking your business and industry apart. Pore over your strategy, its key components and related objectives. Use a variety of identification techniques such as brainstorming, interviews, self-assessment, facilitated workshops, questionnaires and scenario analyses. In selecting among these techniques, consider how rigorously each business unit can implement them, and if openness among the participants would result. Analyze how both external and internal events can change the organization's risk landscape. This initial effort does not have to take months to accomplish. Start with a top-down approach. Begin to identify risks through workshops or interviews with executive management and by focusing on strategies and related business objectives. …