1.
The Committee of Sponsoring Organizations (COSO) of the Treadway Commission developed, with PricewaterhouseCoopers LLP, a Risk Management Framework and an Enterprise Risk process for the organization, with goals in four areas of the organization:
Strategic: Alignment of the members with the goals of the organization and supporting its mission and vision.
Operations: A correct use of the resources of the organization with efficiency and effectiveness.
Reporting: Transparency and availability of the information to all the stakeholders of the organization.
Compliance: The framework helps to comply with all the laws and regulations that affect the organization.
The components of the Enterprise Risk Management are:
Internal environment: The internal environment considers how the internal units and departments of the organization view and confront risk. The aversion to and appetite for risk are considered in the Risk Management Framework of the organization (Commission Committee of Sponsoring Organizations of the Treadway, 2004).
Objective Setting: The framework helps the organization to identify the potential risks for each objective of the organization. The Risk Management Framework supports the mission and vision of the organization.
Event identification: All the events that the organization faces must be identified with all the related risks, opportunities, and threats. The management of the organization considers the opportunities of each event and channels them to the objective-setting process.
Risk Assessment: All the risks in the organization's operation are identified and analyzed considering their impact on the process.
Risk response: After the risk assessment, the organization must respond with one of four options: sharing, accepting, reducing and avoiding. The sharing response consists of sharing the risk among two or more organizations. The accepting response consists of the organization assuming 100% of the risk. The reducing response consists of the organization assuming a partial value of the risk. The avoiding response consists of avoiding 100% of the risk.
Control activities: The Risk Framework suggests control activities, policies, and procedures to achieve the objectives, mission and vision of the organization effectively.
Information and communication: Effective communication between the Risk Management Framework, members, and stakeholders of the organization is necessary for the correct execution of individual responsibilities inside the organization.
Monitoring: The monitoring process is necessary to evaluate the evolution of the framework with the risk evaluation process.
2.
The organization must follow a series of steps to adopt an Enterprise Risk Management (ERM) framework successfully. The first step is to define what the organization wants to gain from ERM. The organization needs to define which value it wants to measure and determine that other metrics cannot demonstrate it. Traditionally, organizations use balance sheets, cash flows, financial statements, and financial ratios to measure the value of the organization. Measuring other value related to shareholder value, process, and risk requires the development of Enterprise Risk Management in the organization.
The second step is the execution of a benchmarking process with different standards and frameworks. The standards and frameworks considered must fit the environment where the organization and its competition operate.
The third step is to evaluate what the organization is doing today. Some actions and procedures that the organization already performs accomplish one or two components of the Risk Framework. This first inventory helps the organization to save work and time in the development of the Risk Framework.
The fourth step is to seek support and help. Risk specialists are available to help the organization evaluate its risks. It is important that at least one member of the board of the organization has advanced risk skills to guarantee successful results in the Risk Framework development.
The fifth step is to start with a small and simple structure. That approach helps the members of the organization to understand the importance of Enterprise Risk Management for the organization and facilitates the execution of the process.
The sixth step is to report progress. It is important to track the progress of the framework, and it is recommended for the team to achieve early wins to motivate the members of the organization.
3.
The development of Key Risk Indicators (Fox, 2012) requires a method which includes the following steps:
■ Consider the opinion of the stakeholders of the organization.
■ Consider trends, performance, and lead indicators.
■ The indicators must be studied considering their root causes.
■ Consider risks with high probability and relevance for the business.
■ Determine the relation between the objective of the organization, strategic objective, and tactical objective and the potential risk and key risk indicators.
It is possible to have one potential risk that affects one or more strategic objectives of the organization, but there is always a direct relation between one potential risk and one key risk indicator.
4.
The organization must define a strategic objective to consider the key risk indicators. A strategic objective is related to a financial, legal or environmental issue. A typical example of a financial strategic objective is the improvement of a financial ratio such as Return on Sales (ROS) or Return on Investment. Once the strategic objective is defined, two or more tactical objectives are necessary to consider the potential risks for the objective achievement. Each potential risk has one direct Key Risk Indicator (Beasley, Branson, & Hancock, 2004).
References
Beasley, M. S., Branson, B. C., & Hancock, B. V. (2004). Developing Key Risk Indicators to Strengthen Enterprise Risk Management. Retrieved from Committee of Sponsoring Organizations of the Treadway Commission: http://www.coso.org/documents/cosokripaperfull-finalforwebpostingdec110_000.pdf
Commission Committee of Sponsoring Organizations of the Treadway. (2004, September). Enterprise Risk Management Integrated Framework Executive Summary. Retrieved from Committee of Sponsoring Organizations of the Treadway Commission: http://www.coso.org/documents/coso_erm_executivesummary.pdf
Fox, C. (2012, November 14). 10 Easy Steps to Implement Enterprise Risk Management. Retrieved from Risk Management: http://www.rmmagazine.com/2012/11/14/10-easy-steps-to-implement-enterprise-risk-management/