Monday, January 17, 2011

Getting the Most Out of ERM

The Committee of Sponsoring Organizations of the Treadway Commission, more commonly known as COSO, released a report this month on how companies can derive the most benefit from their Enterprise Risk Management (ERM) programs. Authored by two professors and risk practitioners from DePaul University, the report provides approaches and action steps for companies to follow as they embark on their ERM journey. Here is a summary list of key activities to bolster the ongoing implementation of an effective ERM program.

  1. A program of continuing ERM education for directors and executives

  2. ERM education and training for business-unit management

  3. Policies and action plans to embed ERM processes into the organization’s functional units such as procurement, IT, or supply chain units

  4. Continuing communications across the organization on risk and risk management processes and expectations

  5. Development and communication of a risk management philosophy for the organization

  6. Identification of targeted benefits to be achieved by the next step of ERM deployment

  7. Development of board and corporate policies and practices for ERM

  8. Further discussion and articulation of a risk appetite for the organization and/or significant business units, including quantification

  9. Establishment of clear linkage between strategic planning and risk management

  10. Integration of risk management processes into an organization’s annual planning and budgeting processes

  11. Expansion of the risk assessment process to include assessments of both inherent and residual levels of risk

  12. Exploration of the need for a dedicated Chief Risk Officer or ERM functional unit

Wheelhouse Advisors is fully equipped to help companies with activities such as these.  For more information, please visit


  1. A lot of these key activities overlap with the RIMS Risk Maturity Model. These are certainly great ideas to get your risk management program off the ground, but how do you create an ERM infrastructure to accomplish these "key activities"?

  2. The key to creating a solid ERM infrastructure is to weave ERM practices into current business processes so that it is not viewed as a separate and distinct exercise. For example, a business unit's performance metrics should align with the key risk indicators so that incentives are properly set. This fosters a culture of what we call "risk mindfulness" and ensures that ERM does not fade away over time.

  3. You can have all the best processes in the world, but without TOP Management and Board Support....Good Luck!
