Risk Assessments in Action: Understanding Enterprise Risk Management Frameworks

The fear of unknowns is what keeps some people awake at night. It is obviously important to know a company's risks and opportunities to appropriate act. Coordinating this effort between strategic, operational, reporting and compliance objectives can be a daunting task. The board and management team alike are responsible for ensuring an efficient and effective company-wide risk response. As part of the risk process, organizations must understand and address the risks from both internal and external sources. Implementing a robust risk management program, that includes a strong fraud risk management component, will ensure that organizational vulnerabilities are proactively identified and addressed.

The Enterprise Risk Management (ERM) framework from the Committee of Sponsoring Organizations of the Treadway Commission (COSO) is one of the leading risk frameworks. This training session teaches attendees about this framework, as well as leading practices. The training takes attendees through each of the eight components of COSO's ERM:

1. Internal Environment – Encompasses the tone of an organization, and sets the basis for how risk is viewed and addressed by an entity's people, including risk management philosophy and risk appetite, integrity and ethical values, and the environment in which they operate.
2. Objective Setting – Ensures that management has a process to set objectives and that the chosen objectives support and align with the entity's mission and are consistent with its risk appetite.
3. Event Identification – Internal and external events affecting achievement of an entity's objectives must be identified, distinguishing between risks and opportunities.
4. Risk Assessment – Risks are analyzed, considering likelihood and impact, as a basis for determining how they should be managed.
5. Risk Response – Management selects risk responses – avoiding, accepting, reducing, or sharing risk – developing a set of actions to align risks with the entity's risk tolerances and risk appetite.
6. Control Activities – Policies and procedures are established and implemented to help ensure the risk responses are effectively carried out.
7. Information and Communication – Relevant information is identified, captured, and communicated in a form and timeframe that enable people to carry out their responsibilities.
8. Monitoring – ERM is monitored and modifications made as necessary.

Successfully executing an ERM process will allow a company to:

• Confirm risks and opportunities
• Enable faster risk response decisions
• Minimize operational surprises and losses
• Identify and manage cross-enterprise risks
• Develop integrated responses to multiple risks
• Improve deployment of capital