Enterprise Risk Management
The COSO "Enterprise Risk Management-Integrated Framework" defines ERM as a "…process, effected by an entity's board of directors, management, and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives."
Value is maximized when management sets strategy and objectives to strike an optimal balance between growth and return goals and related risks, and efficiently and effectively deploys resources in pursuit of the entity’s objectives.
Enterprise risk management (ERM) is the process of planning, organizing, leading, and controlling the activities of an organization in order to minimize the effects of risk on an organization's capital and earnings. Enterprise risk management expands the process to include not just risks associated with accidental losses, but also financial, strategic, operational, and other risks.
ERM provides a framework for risk management, which typically involves identifying particular events or circumstances relevant to the organization's objectives (risks and opportunities), assessing them in terms of likelihood and magnitude of impact, determining a response strategy, and monitoring progress.
Enterprise Risk Management encompasses:
Aligning risk appetite and strategy – Management considers the entity’s risk appetite in evaluating strategic alternatives, setting related objectives, and developing mechanisms to manage related risks.
Enhancing risk response decisions – enterprise risk management provides the rigor to identify and select among alternative risk responses: risk avoidance, reduction, sharing, and acceptance.
Reducing operational surprises and losses – entities gain enhanced capability to identify potential events and establish responses, reducing surprises and associated costs or losses.
Identifying and managing multiple and cross-enterprise risks – every enterprise faces a myriad of risks affecting different parts of the organization, and enterprise risk management facilitates effective response to the interrelated impacts, and integrated responses to multiple risks.
Seizing opportunities – by considering a full range of potential events, management is positioned to identify and proactively realize opportunities.
Improving deployment of capital – obtaining robust risk information allows management to effectively assess overall capital needs and enhance capital allocation.
In recent years, external factors have fueled a heightened interest by organizations in ERM. Industry and government regulatory bodies, as well as investors, have begun to scrutinize companies' risk-management policies and procedures. In an increasing number of industries, globally, Boards of Directors are required to review and report on the adequacy of risk-management processes in the organizations they administer.
Enterprise risk management is:
⇢ A process, ongoing and flowing through an entity
⇢ Effected by people at every level of an organization
⇢ Applied in strategy setting
⇢ Applied across the enterprise, at every level and unit, and includes taking an entity-level portfolio view of risk
⇢ Designed to identify potential events that, if they occur, will affect the entity and to manage risk within its risk appetite
⇢ Able to provide reasonable assurance to an entity’s management and board of directors
⇢ Geared to achievement of objectives in one or more separate but overlapping categories
The COSO ERM Framework has four objectives categories and eight components.
The four objectives categories are:
1. Strategy - high-level goals, aligned with and supporting the organization's mission
2. Operations - effective and efficient use of resources
3. Financial Reporting - reliability of operational and financial reporting
4. Compliance - compliance with applicable laws and regulations
The eight components - additional components highlighted - are:
1. Internal Environment - The internal environment encompasses the tone of an organization, and sets the basis for how risk is viewed and addressed by an entity’s people, including risk management philosophy and risk appetite, integrity and ethical values, and the environment in which they operate.
2. Objective Setting - Objectives must exist before management can identify potential events affecting their achievement. Enterprise risk management ensures that management has in place a process to set objectives and that the chosen objectives support and align with the entity’s mission and are consistent with its risk appetite.
3. Event Identification - Internal and external events affecting achievement of an entity’s objectives must be identified, distinguishing between risks and opportunities. Opportunities are channeled back to management’s strategy or objective-setting processes.
4. Risk Assessment - Risks are analyzed, considering likelihood and impact, as a basis for determining how they should be managed. Risks are assessed on an inherent and a residual basis.
5. Risk Response - Management selects risk responses – avoiding, accepting, reducing, or sharing risk – developing a set of actions to align risks with the entity’s risk tolerances and risk appetite.
6. Control Activities - Policies and procedures are established and implemented to help ensure the risk responses are effectively carried out.
7. Information and Communication - Relevant information is identified, captured, and communicated in a form and timeframe that enable people to carry out their responsibilities. Effective communication also occurs in a broader sense, flowing down, across, and up the entity.
8. Monitoring - The entirety of enterprise risk management is monitored and modifications made as necessary. Monitoring is accomplished through ongoing management activities, separate evaluations, or both.
Enterprise Risk Management Services include:
✔ Assisting with the Development and Implementation of Enterprise Risk Management frameworks.
AMCS reviews the entity and its industry, structure, business processes, activities and regulatory requirements to assist entities seeking to develop Enterprise Risk Management (ERM), and assists with the implementation of the framework.
Clients are presented with:
⇢ Introduction to Enterprise Risk Management
⇢ Enterprise Risk Management Integrated Framework
⇢ The Business Case for Enterprise Risk Management
⇢ The Role of Executive Management
⇢ The Role of the Directors
⇢ The Role of the Chief Risk Officer
⇢ The Role of Internal Audit
⇢ Risk Management Oversight Structure
⇢ Risk Management Vision & Objectives
⇢ Conducting Risk Assessments
⇢ Developing the Enterprise Risk Management system
⇢ Implementation
⇢ Limitations of Enterprise Risk Management and how to overcome them
⇢ The Importance of Monitoring
✔ Reviews of existing Enterprise Risk Management System.
AMCS considers the entity and its industry, structure, corporate governance, business processes, systems, activities, regulatory requirements, current performance, challenges and matters identified, if any, when reviewing an existing Enterprise Risk Management System to suggest improvements.
✔ Independent monitoring of Enterprise Risk Management System
AMCS independently monitors the Enterprise Risk Management System. This is important to ensure the effectiveness and efficiency of the entity’s Enterprise Risk Management System. An effective and efficient Enterprise Risk Management System enhances the performance of the entity and reduces the risk of loss due to fraud and poorly managed risks. AMCS communicates matters identified and suggests improvements. AMCS also issues updates on developments in Enterprise Risk Management.