What is Enterprise Risk Management?
(ERM)
A structured and disciplined approach that aligns strategy, processes, technology, and knowledge to manage uncertainties and maximize shareholder value.
ERM provides a holistic, integrated, forward-looking, and process-oriented approach to managing all key business risks and opportunities, not just financial ones.
How does ERM differ from traditional risk management?
ERM provides a top-down view of key risks facing the organization and coordinates risk management across the entire organization.
Traditional risk management often operates in silos, focusing on individual departments without considering the organization-wide impact.
What is the objective of Enterprise Risk Management?
To coordinate risk identification, assessment, and management throughout the organization to maximize coverage and reduce overlooked risks.
What is a portfolio view of risk in ERM?
An approach that evaluates how risks interact across the company, optimizing the entire portfolio by balancing risk and return.
This avoids fragmented and potentially conflicting risk strategies and allows for more effective resource allocation.
What role does corporate governance play in ERM?
It provides oversight of risk management, ensuring management has robust processes to identify, assess, manage, and monitor significant risks.
True or False:
ERM should be integrated with corporate governance.
True
Integrating ERM with corporate governance improves communication regarding strategic risks, aligns managerial focus, and enhances transparency.
What is the COSO 2017 definition of ERM?
The culture, capabilities, and practices that organizations integrate with strategy-setting to manage risk in creating, preserving, and realizing value.
Why is integrating risk management with strategy selection important?
It helps in understanding the implications of a strategy and ensures alignment with the organization’s mission, vision, and values.
What are the benefits of integrating risk management with strategic planning?
Enhances strategic resilience and long-term performance by embedding risk considerations in decision-making at all levels.
List the components of the COSO 2017 ERM Framework.
- Governance and Culture
- Strategy and Objective-Setting
- Performance
- Review and Revision
These components guide organizations in embedding risk considerations into governance, strategic decision-making, and operations.
What is the purpose of the portfolio view of risk in ERM?
To consider risk in aggregate across the organization rather than in isolation.
The portfolio view informs decision-makers and enables a timely, coordinated response to risk.
Why is the Review and Revision component important in risk management?
Because business environments change, requiring regular evaluation and revision of ERM components.
This ensures risk responses remain appropriate and lessons learned inform continuous improvement.
What is essential for effective risk management communication?
- Capturing relevant risk information
- Processing and communicating information throughout the organization
- Transparency across all levels
External sources such as market data and regulatory updates are also essential inputs.
What is the objective of the COSO ERM framework?
To enhance an organization’s ability to understand and manage risk in alignment with its goals, thereby creating and preserving value.
Fill in the blank:
ERM integrates risk awareness into every part of an organization’s ______, operations, and performance monitoring.
strategy
What are the five components of the COSO ERM framework?
- Governance and Culture
- Strategy and Objective-Setting
- Performance
- Review and Revision
- Information, Communication, and Reporting
What principle involves the board of directors providing oversight of the strategy?
Exercises board risk oversight.
What is the focus of the principle ‘Evaluates alternative strategies’?
Evaluating alternative strategies and their potential impact on the risk profile.
What does the principle ‘Identifies risk’ entail?
Identifying risks and risk events that can impact the performance of strategy and business objectives.
What does the principle ‘Prioritizes risks’ focus on?
Prioritizing risks as a basis for selecting responses to risks.
What is the significance of the principle ‘Develops portfolio view’?
Developing and evaluating a portfolio view of risk.
What does the principle ‘Assesses substantial change’ involve?
Identifying and assessing changes that may substantially affect strategy and business objectives.
What is the goal of ‘Pursues improvement in enterprise risk management’?
Pursuing improvement of enterprise risk management.
What does the principle ‘Leverages information systems’ emphasize?
Leveraging the entity’s information and technology systems to support enterprise risk management.
-
Strategic Planning Process18
-
Strategic Frameworks26
-
Mission, Vision, and Goals11
-
External Environmental Analysis30
-
Competitive Analysis27
-
Internal Environmental Analysis25
-
Competitive Advantage Fundamentals10
-
Global Strategy and Expansion23
-
Value Chain and International Risks23
-
Business-Level Strategies39
-
Corporate-Level Strategies31
-
Functional Strategies32
-
Sustaining Competitive Advantage16
-
Strategic Alternatives and Cost-Benefit Analysis37
-
Customer and Investment Analysis29
-
Risk Management Foundations46
-
Enterprise Risk Management26
-
Strategy Execution and Budgeting21
-
Measuring Strategic Performance55
-
Governance and Strategic Leadership26
-
Incentives and Organizational Structure27
-
Ethics and Strategic Decision Making17
-
Ethical Codes and Professional Practice20
-
Corporate Social Responsibility11
