
Enterprise Risk Management (ERM) Intermediate Process Secrets Revealed

By Gary Patterson
May 26, 2009
Whatever level of risk management, change management or similar process your company has in place, sometimes people like to obtain working definitions without having to ask the expert who enjoys using hard-to-understand acronyms.

Difficulty understanding the industry vernacular may be part of why a study showed 89% of executives said they wanted to build an Enterprise Risk Management (ERM) process into their organizations, yet only 11% of their companies had completed the implementation.

Five additional aspects of ERM follow:

1. How do I know what my risks are?

The number of risks any organization is exposed to is significant. One of the ways of creating a manageable risk inventory is to group them into four categories: business, operations, financial, and informational services. Examples of risk exposure include: customers being unsatisfied; gaps between required and real levels of performance; inaccurate financial statements; and unauthorized access to customer information.

2. Once I know what my risks are, how do I determine the level of risk?

This can be a judgment call. Once a risk inventory is established, each risk needs to be evaluated in terms of its probability and estimated financial impact. Once this is done, each risk needs to be assessed and the organization then determines how the risk is going to be handled.

3. I know my risks and their potential impact. What do I do now?

There are four strategies associated with the management of risk: (1) avoidance, (2) sharing, (3) reduction, and (4) acceptance. Acceptance means choosing to do nothing. An example might be to accept the risk of a nuclear holocaust because the risk management cost would be prohibitive. Insurance is a form of risk reduction. Risk sharing might be joining a partnership in a new venture; deciding not to go into the venture would be an example of risk avoidance.

4. Who implements ERM?

Everyone in the organization shares responsibility for the ERM program. The level of responsibility is dependent on the individual's job. The board of directors is responsible for oversight while the head of the organization is accountable. Management operates within the organization's risk philosophy and appetite. Management also supports and monitors employees' compliance with appropriate policies and procedures.

5. What role does an internal audit have?

Internal audit tests the organization's policies and procedures and communicates their effectiveness to management. An internal audit also recommends risk management improvements. The following is an example of the implementation of policies and procedures. Employees are mandated to follow OSHA regulatory requirements for purposes of employee safety. An internal audit would test compliance with those policies and procedures.

Unearth the hidden risks that could topple your company, so you can use Best Practices for Long-Term Business Health to increase the likelihood of reaching your long-term personal goals.

Again, the good news is that if you already have any of these systems in place (strategic planning, quarterly budgeting, risk management, operations review, entire enterprise risk management, risk assessment, process improvement, performance management, change management, scenario planning, or contingency planning), you have foundation blocks to improve your risk management capabilities by using some of the steps above.