Risk Management has always been with us, as long as risk itself.  If we define risk as
any uncertainty about future events that impact an organization’s ability to achieve its
objectives, then we can define risk management as the set of activities that control and
mitigate those risks.  Risk is usually measured in terms of its impact (cost, severity) and
the likelihood (probability, frequency) that it materializes.  Risk management implies
controls.  And as we have come to learn, it also implies opportunity.

The term Enterprise Risk Management (ERM) became a part of our lexicon after the
major corporate scandals involving Enron and WorldCom among others, which resulted
in the Sarbanes-Oxley Act of 2002.  And, in 2002, the Committee of Sponsoring
Organizations (COSO) issued its second report in which they solidified the term
Enterprise Risk Management in our lexicon.  COSO II expanded upon its initial report in
three areas:
  • A move towards a fuller risk management process
  • A focus on improved enterprise governance
  • An emphasis on testing operating effectiveness of controls

What started as a need for compliance by publicly traded companies expanded to
include not only the need for various other compliances, but also the need for better
governance for all public and private sector agencies and organizations.  Issues of trust,
integrity, and accountability became important for all stakeholders in the public and
private sectors. The activities surrounding risk management took on a holistic approach.
Risks are seen as opportunities and controls are seen as value enablers.

It is within this expanded context that ERM has become an integral part of business
processes and corporate governance throughout the world.  Success is now measured
by how well we manage risk and make it work for us.  Success also is measured in
terms of honesty, integrity, and a strong ethical stature.  ERM is about risk management
across the business and it starts with the risk that the business may not be properly
governed.  

Corporate officials need a better way to meet the expectations of shareholders and
policyholders for accountability, transparency, full disclosure, and compliance.  They
need to manage complex financial and related processes and create internal controls
that promote a higher level of governance and greater opportunities for growth.
Governance, risk and compliance objectives need to be integrated with day-to-day
operations.

This is, in fact, the focus of risk management programs.  Successful risk management is
dependent upon good governance which starts at the top and must include the entire
organization and must be embedded in the culture.  Good governance is achieved when
officials have established the appropriate organizational processes, controls, and
objectives to measure and manage risk across the enterprise.  Risk management
should be a sustainable and uniform process that enables an entity to manage its overall
risk so as to maximize value and minimize volatility.

A primary focus of risk management practitioners is on better risk communication in
terms of better reporting systems.  Improved decision making is dependent upon
improved risk information which is developed and presented in a timely manner. The
right information must be delivered to the right person at the right time.  Perhaps more
important is the need decision makers have for tools to help them analyze and interpret
the information correctly in order to minimize volatility and maximize value.  Business
intelligence and performance management systems are designed to meet this need
and these technologies are beginning to integrate with risk management programs.

The answer to these integration problems seems to lie with technology properly aligned
with best business practices.  Decision makers at all levels need the tools to help them
optimally build this alignment, but the last thing they need is another disparate system.  
That is why we have seen the trend towards an integrated enterprise approach to the
alignment of business processes with technology.  We are seeing a convergence and
homogenization of these systems including Enterprise Performance Management, Risk
Management and Compliance, Enterprise Resource Planning, and Business
Intelligence.  This is only a partial list but I think most industry analysts would agree that
information is the “common denominator” and Business Intelligence (BI) is the single
most important methodology that ties everything else together.  BI serves as a
synergistic catalyst for systems and business processes to form true integrated
interoperability.

Successful enterprise risk management does not have to be a burden to an organization.
If the right technology is applied, ERM can be accomplished while improving the overall
efficiency and productivity of the enterprise.  ERM is not an event, but rather an on-going
process which must be embraced by the entire organization.  To maintain and sustain
this effort over the long haul, it is imperative that business processes are supported and
enhanced by technology.  

The best advice is to find a solution that offers a practical and comprehensive way to
collect and organize the plethora of risk information that forms the foundation for any
successful risk management and compliance program.  A solution for mapping,
assessing, managing and reporting on all risk categories is a must if you want to provide
your executive level decision makers with a single point of access to all critical risk
information.  Ideally, an ERM solution such as this would provide these features through
an enterprise-wide, integrated methodology which:

1)  Promotes consistent and uniform governance among departments and business units
2)  Supports process workflow
3)  Defines business processes as risk activities
4)  Supports qualitative and quantitative risk assessment processes
5)  Provides for the collection, measurement and reporting of key risk indicators
6)  Leverages risk as process drivers to enable the achievement of strategic objectives
7)  Features predictive analytics and other decision support functionality

Enterprise Risk Management – A Holistic Approach
Enterprise Risk Management consulting services

    ERMcs Guiding Principles:

  • ERM is an essential part of creating and maintaining operating efficiency.  It is integrated
    throughout the enterprise, fully embedded in all business processes and sustained by a
    culture committed to the needs and expectations of its stakeholders.
  • ERM is simply the way business is done. “The only alternative to risk management is crisis
    management.”  - James Lam
  • An effective ERM framework must link risk, capital, and value creation.  
  • The central focus of ERM is risk/return optimization. Risks should be viewed as
    opportunities to protect and maximize value while minimizing volatility.
  • Risk and Performance Management are inextricably linked. KRIs are risk-adjusted KPIs
    which show you how well you’re managing risk and reward.
  • Without the intelligent use of technology and business analytics, no ERM program will be
    successful.