The Fraud Examiner

A Road Map for Establishing an Enterprise Risk Management Program

John Thackeray, CFE      
Founder and CEO of Risk Smart Inc.

Enterprise risk management (ERM) is the process of planning, organizing, leading and controlling the activities of an organization to minimize the effects of risk on an organization's capital and earnings, reputation and shareholder value. The benefit of ERM is that it aligns organization, people, processes and infrastructure, provides a benchmark for risk/reward, aids risk visibility to operational activities and for the more mature benefit, creates a competitive advantage. It is an important process for organizations of all sizes and within all industries. Here’s a look at how to develop an ERM strategy.

Business objectives and strategy

Risk management must function in the context of business strategy, and the first step in this integration is for an organization to determine its goals and objectives. Typical organizational strategic objectives include market share, earnings stability/growth, investor returns, regulatory standing and capital conservation.

From there, the institution assesses the risk implied in that strategy implementation and determines the level of risk it is willing to assume in executing that strategy — given its internal risk capacity, existing risk profile, vision, mission and capability. Since strategies are usually predicated on assumptions (beware those that are unspoken and unverified) and calculations that may or may not be accurate, the role of ERM is to challenge these assumptions and the execution of such strategy. ERM and strategic management are not two separate things; rather, they are two wheels of a bicycle that must be built uniformly in order to contribute to the stability of the whole.

Determining risk appetite

Risk direction is defined by the risk appetite — which, in turn, is defined as the amount of risk (volatility of expected results) an organization is willing to accept in pursuit of a desired financial performance (returns). A risk appetite statement is the critical link that combines strategy setting, business plans, capital and risk. It reflects the entity’s risk management philosophy and influences the culture and operating style. When determining your risk appetite, think about your:

Sign In

Not a member? Click here to Join Now and access the full page.