How Large Scale Organizations Deploy ERM

Enterprise Risk Management Software

Large scale organizations need to follow a structured approach to deploying ERM. This involves understanding the risk appetite and risk philosophy of the organization at the inception.

ERM strategies involve basing your risk mitigation foundation on the following key principles:

  • Relevant roles and functions are defined.
  • All directives flow from senior management levels down to operational levels.
  • All aspects and all possible risks are covered.

Developing an ERM solution based on these foundations can be phased as follows:

1. Developing a risk program

  • Identify the ERM owner and other team members.
  • Determine governance compliance and risk investment.
  • Get approvals from appropriate sources/senior management.

2. Assessing risks and mitigating controls

  • Undertake surveys within the organization.
  • Identify risks within specific function areas [preferably through CRSA workshops].
  • Prioritise risks in accordance with predetermined impact and probability levels and the organisation’s Hierarchy of Assets.
  • Identify existing controls and evaluate their strengths in mitigating risks.
  • Identify “residual risks”.

3. Executing risk strategy

  • Identify “residual risk” mitigation strategies as per prioritization.
  • Understand the organization’s risk tolerance and risk appetite.
  • Ensure commitment from management regarding plan execution, channels for improvement and future steps.

4. Risk validation and monitoring

  • Verify that risk mitigation plans are suitably designed and implemented.
  • Follow a vigorous ongoing monitoring and reporting strategy.
  • Continually be on the lookout for new risks and alter current ERM modules to tackle such eventualities.

An important fact to note is that in larger organizations most of these decisions are not centralized; rather they are located and administered across the various sub-divisions within the organization. A successful risk compliance strategy will ultimately depend on the collaborative input, effort and feedback from all the operations within the core company.

How Large Scale Organizations Deploy ERM was last modified: May 6th, 2014 by Mohammed Nasser Barakat

Mohammed Nasser Barakat

Partner at CAREWeb
(Mohammed Nasser) Barakat is the BRS Service Line Leader for the ME region. Nasser has an MBA in Professional Accounting and a BS Degree in Banking and Finance. He is a Certified Public Accountant in Colorado State, USA, a Certified Control Self Assessment Practitioner and a Certified Fraud Examiner.