Large-scale organizations need to follow a structured approach to deploying ERM. This involves understanding the risk appetite and risk philosophy of the organization at the outset.
ERM strategies involve basing your risk mitigation foundation on the following key principles:
- Relevant roles and functions are defined.
- All directives flow from senior management levels down to operational levels.
- All aspects and all possible risks are covered.
Developing an ERM solution based on these foundations can be phased as follows:
1. Developing a risk program
   - Identify the ERM owner and other team members.
   - Determine governance compliance and risk investment.
   - Get approvals from appropriate sources/senior management.
2. Assessing risks and mitigating controls
   - Undertake surveys within the organization.
   - Identify risks within specific function areas [preferably through CRSA workshops].
   - Prioritise risks in accordance with predetermined impact and probability levels and the organisation’s Hierarchy of Assets.
   - Identify existing controls and evaluate their strength in mitigating risks.
   - Identify “residual risks”.
3. Executing risk strategy
   - Identify “residual risk” mitigation strategies as per prioritization.
   - Understand the organization’s risk tolerance and risk appetite.
   - Ensure commitment from management regarding plan execution, channels for improvement and future steps.
4. Risk validation and monitoring
   - Verify that risk mitigation plans are suitably designed and implemented.
   - Follow a vigorous ongoing monitoring and reporting strategy.
   - Continually be on the lookout for new risks and alter current ERM modules to tackle such eventualities.
An important fact to note is that in larger organizations most of these decisions are not centralized; rather they are located and administered across the various sub-divisions within the organization. A successful risk compliance strategy will ultimately depend on the collaborative input, effort and feedback from all the operations within the core company.