Enterprise Risk Management and Risk Assessment Resources


Enterprise risk management (ERM) is an integrated, forward-looking and process-orientated approach to managing all key business risks and opportunities - not just financial ones - with the intent of maximizing value for the enterprise as a whole. KnowledgeLeader provides policies, tools, articles, and other resources to help you:

  • Understand enterprise risk management;
  • Develop risk management and risk assessment checklists, policies, and procedures;
  • Understand current risks;
  • Discover best practices to mitigate risk;
  • Reduce business risk in all areas.
Articles from thought leaders share techniques and approaches, providing ideas, best practices, and actionable advice. Select one of the areas below to view a sample of the risk management and risk assessment information available on KnowledgeLeader. We have also provided summaries of other risk related articles and tools that are available with a free trial or subscription.

Below you will find just a few examples of the KnowledgeLeader materials focused on Enterprise Risk Management:

Tools

Credit Risk Policy
This sample outlines a set of policies and procedures formalizing the credit risk management process, the goal of which is to: protect against any unwarranted customer or counterparty credit exposures; maintain credit risk at a manageable level; and identify and avoid a material credit failure (of a significant value, which would impact earnings).

Enterprise Assessment and Monitoring Procedures
The purpose of this document is to develop a consistent process for scheduling and managing IT security assessment processes. The general steps outlined provide a process for conducting various types of assessments, as well as guidelines for monitoring of security compliance within the computer system and network environments.

Enterprise Business Risk Management Process - Overview Framework
Enterprise business risk management is illustrated broadly in this framework. It is a continuous process of establishing risk management objectives, assessing risks within the context of established tolerances, developing strategies and implementing risk management processes, and monitoring and reporting upon those processes.

Enterprise Risk Management Interview Questionnaire
The ultimate goal of Enterprise Risk Management (ERM) is to evaluate total returns relative to total risks, leading to more informed business decisions. This questionnaire can be used when assessing an organization’s enterprise risk management strategy. It focuses on the internal environment, objective setting, event identification, risk assessment, risk response, control activities, and information and communication.

Enterprise Risk Management Project Plan - Sample
Enterprise Risk Management (ERM) requires clear risk management goals and objectives, linked to business objectives and strategies. This document is a sample project plan utilized during the planning phase of implementing ERM across an organization. The project plan supports a phased implementation approach detailing tasks, deliverables, and a project timeline.

ERM Summary Approach – Guide
Identifying, understanding and evaluating the organization’s most significant risk areas will set the foundation for a robust ERM program. This guide outlines an approach to building ERM capabilities that includes the following components: planning, facilitated risk discussion, risk analysis, external verification, management review and gap assessment.

Fraud Prevention and Detection Audit Work Program
This program can be used by internal auditors as an evaluation tool or converted into a questionnaire for use with management to better understand current fraud prevention and detection program activities.

Human Resources Risk Management Presentation
This short guide helps define human resources risk, and identify the major HR processes and sub-processes where risks occur.

Job Description: Chief Risk Officer - Sample 3
This job description example provides requirements for the position of Chief Risk Officer.

Managing Outsourcing and Offshoring Risk – Questionnaire
As companies focus on managing their operations in a difficult economic environment, they seek to become leaner and more focused, efficient and effective. This document focuses on questions for board members and management to consider when managing risks related to outsourcing or offshoring business activities.

Risk Assessment Survey Template - Sample
The goal of Enterprise Risk Management is to identify, evaluate and manage key risks impacting an organization’s ability to achieve its objectives and strategies. This document provides a template to inventory and assess critical risk areas (business functions) and the associated risks embedded within each area. The results can be used to help develop an Internal Audit Plan. The results may also be included in the Risk Assessment Report provided to the Audit Committee.

Risk Management Oversight Committee Charter
The purpose of the Risk Management Oversight Committee is to monitor the organization’s risk environment and provide direction for the activities to mitigate, to an acceptable level, the risks that may adversely affect the company’s ability to achieve its goals. This charter serves as an example document outlining this committee’s various responsibilities.

Using Risk Management Frameworks
This presentation defines and describes various types of internal controls. Then it reviews control frameworks including COSO, COSO ERM, and COBIT. Finally, it describes the elements and implementation of an enterprise risk management solution.

The Combined Code of Corporate Governance (Turnbull Report) - UK
The Combined Code of Corporate Governance challenged directors of listed companies to raise their game on business risk management. To help companies respond, in 1999 the Institute of Chartered Accountants in England and Wales (ICAEW) Internal Control Working Party, chaired by Nigel Turnbull, published Internal Control: Guidance for Directors on the Combined Code ("the Turnbull report"). The Turnbull guidance was updated in October 2005.


Publications

Assessing Current Capabilities and Areas for Improvement Among Today’s Internal Auditors
Bob Hirth reviews key findings from the firm's 2010 Internal Audit Capabilities and Needs Survey.

Assimilating Governance into your ERM Process
In an increasingly risky world, the discipline of risk management is moving steadily beyond the tactical level as organizations take a fresh look at enterprise risk management (ERM) and explore how best to assimilate governance into their ERM process. Integrating governance and ERM is not a new idea. The two processes have long been intertwined conceptually. Since integration is so vital to the success of ERM, this article focuses on assimilating governance into the ERM process.

Building an internal audit function at Cadence Design Systems
Cadence Design Systems, Inc. is the world's leading electronic design automation technologies and engineering services company. In this profile, John Springer, director of internal audit and compliance at Cadence, discusses how the internal audit group was formed in response to the emergence of Sarbanes-Oxley regulations, and how it was internal audit’s role to program Sarbanes-Oxley compliance processes throughout the business. Springer also describes the cultural shift within the organization around accepting and understanding the presence of an internal audit function.

Case Studies of Using GAIT-R to Scope PCI DSS Compliance
The PCI DSS (Payment Card Industry Data Security Standard) is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data. Using GAIT-R to scope PCI DSS compliance adds value, provides efficiency and effectiveness for use of resources for management, security, and audit. The article provides a working methodology to identify the appropriate combination of key controls to include in the scope of a PCI DSS compliance audit.

Enterprise Risk Management in Practice – Profiles of Companies Building Effective ERM Programs
With the increased interest in enterprise risk management (ERM), it made sense to compile examples of how different companies in the United States, Europe and Japan are improving their risk management capabilities. In this publication, 11 companies are profiled around the common theme of how ERM is integrated into their operations. In producing the various profiles for this publication, several common themes emerged that demonstrate why and how companies across multiple industries are improving their risk management capabilities. Each of these profiles is also published as a stand-alone publication in the Performer Profiles area on KnowledgeLeader.

Enterprise Risk Management and Board Risk Oversight – A Tale of Two Surveys from COSO
This podcast reviews the results of two just-released research studies from the Committee of Sponsoring Organizations of the Treadway Commission (COSO). One, which COSO commissioned Protiviti to conduct, offers a look at where boards of directors currently stand in executing their risk oversight responsibilities. The second, conducted by the Enterprise Risk Management Initiative at North Carolina State University, assesses the current state of enterprise risk oversight and market perceptions of COSO’s ERM Framework.

Exception Management Explained
The growing need for “exception management” capabilities among organizations of all sizes stems from a steady flow of new regulatory compliance and risk management requirements in recent years. These requirements force process owners to incorporate more rigorous compliance and risk-monitoring into their activities. This need, combined with the evolution of business analysis requirements, has given rise to continuous auditing and continuous monitoring, particularly at companies committed to getting the most valuable bang for their internal audit buck.

Guide to Enterprise Risk Management: Frequently Asked Questions
In today’s challenging global economy, there is a need for identifying, assessing, managing and monitoring an organization’s business opportunities and risks. The concept of enterprise risk management (ERM) helps elevate the focus of risk management from the tactical to strategic level. The purpose of this publication is to address some of the most commonly asked questions with respect to ERM. It offers ideas, suggestions and insights to executives responsible for ERM implementation.

Internal and external forces shape risk management at Akzo Nobel
Akzo Nobel, based in the Netherlands, is a global Fortune 500 company serving customers through its three business segments: human and animal healthcare, coatings, and chemicals. In this profile, Dick Oude Alink, corporate risk manager, discusses how the company’s diverse and decentralized business landscape lends itself to risk management. Oude Alink also describes the company’s risk management Knowledge Center, which ensures risk-related information is timely, accurate, and readily available at all levels of the organization.

Introduction to Risk Analysis
Risk management is a process that provides management with the balance of meeting business objectives or missions and the need to protect the assets of the organization cost effectively. In this period of increased external scrutiny due to the countless questionable management decisions and the corresponding legislative backlash, risk management provides management with the ability to demonstrate active due diligence and how they are meeting their fiduciary duty. This chapter examines how risk analysis helps managers meet their due diligence requirement.

Managing Contract Risks: Third-Party Contract Audits
As outsourcing becomes more prevalent, management’s expectations of service providers will rise – going beyond simply requiring reliable operations to demanding a true business partner who provides a competitive advantage. Utilizing stringent contract management and detailed contract audit procedures can help deliver the value management expects from outsourced arrangements.

Overcoming Biases in Operational Risk Scenario Analysis
As traditional forecasting and planning no longer fully serve business needs, many financial organizations are using scenario analysis to evaluate the impact and likelihood of extreme but plausible risk events. In this article, David Shu explains how, if successfully executed, scenario analysis can be the most valuable element in an organization’s operational risk management framework.

Relevance to Sarbanes-Oxley Compliance
This section of Protiviti's “Guide to Enterprise Risk Management: Frequently Asked Questions" addresses common questions about the relevance of Sarbanes-Oxley compliance. Topics covered include: Does the Sarbanes-Oxley Act of 2002 require companies to adopt ERM? Are there any other laws and regulations mandating ERM? Can ERM assist certifying officers with the discharge of their Section 302 certification and Section 404 assessment responsibilities? And, should management broaden the focus on compliance to managing business risk?

Risk-Based Performance Improvement
Performance management and risk management can complement each other and can result in improved company performance and the creation of shareholder value. However, reality shows that performance management initiatives and risk management activities are frequently not harmonized. This article describes the principle of Risk-Based Performance Improvement (RPI) and its associated benefits to companies.

Risk Quantification
Management of business risks has become an increasingly important issue. In this article, Protiviti’s Dr. Gabriel Kuhn presents background information on risk measurement and estimation and shows several quantification methods for the four main risk types: credit, market, liquidity and operational risk.

The Elephant in the Room – Understanding the Audit Challenges of Project Risk
The value of internal audit as a critical component of corporate governance and risk management is an undisputed fact. However, within an ever-increasing audit universe, there is an elephant in the room that often escapes notice during the audit planning process but can have significant implications for the business if left unaddressed. Part one of this two-part series introduces this elephant: the need for oversight and monitoring of project risk. The final part of the series discusses what traps to avoid when reviewing project risk and internal audit’s growing role in this area.

The Practical Challenges of Enterprise Risk Management
Enterprise risk management (ERM) is currently front of mind for many senior executives and board members. Many companies have been challenged to implement ERM in a practical manner that meets the requirements of their boards while not introducing unnecessary administration and costs on management and staff. This is not an easy balance to strike. So, what works in practice?

Proactive Risk Management with SAP BusinessObjects – Leveraging Technology to Gain Enterprise Transparency and Rapid Insight into Changing Business Conditions
“What is the totality of our enterprise risk?” That’s a question being raised more often in today’s boardrooms as organizational leadership comes to realize that effective enterprise risk management (ERM) entails more than just the monitoring of financial risk. While financial risk is still an ongoing concern, enterprises also must be vigilant about identifying and being prepared to respond proactively to a wide range of risk, such as: strategic risk; environmental- or health-related risk; political/geopolitical risk; operational risk; and legal and compliance risk.

Regulatory Intelligence: Leveraging Technology to Maintain Compliance Efficiently and Effectively
Regulatory compliance ranks among the top challenges for organizations today. Whether it is Sarbanes-Oxley, corruption or the countless financial regulations that are in the process of being reformed worldwide, companies have seemingly countless laws and requirements they must comply with or face severe penalties. They also face the challenge of doing so without crippling their revenues and profits. In this episode, Protiviti Managing Director Scott Gracyalny talks about the importance of regulatory intelligence and leveraging technology to achieve compliance efficiently and accurately.

Securing the Cloud—Governance, Risk and Compliance Issues Reign Supreme
While acknowledging the many benefits that cloud computing solutions bring to the world, it is important to note that recent research has identified a myriad of potential governance, risk and compliance (GRC) issues. This article informs the potential cloud adopter, not only of the technological benefit, but also the potential security, privacy and related GRC issues that need to be prioritized, managed and mitigated before full implementation occurs.

Supply Chain Disruptions in Japan May Have a Ripple Effect
Japan is the third-largest economy in the world, so any disruption there can impact the global economy, given the interconnected relationships through which many companies manage their supply chains. This Flash Report discusses several topics on this theme, including why the topic is important, illustrative examples, the importance of taking an end-to-end, enterprise-wide view when managing operational risk, and what to do when the unthinkable happens.

Technology Investment: Achieving Balance Between Business Requirements and Regulatory Compliance
Today, with most enterprises having achieved initial compliance, the effort is shifting toward a critical phase: Companies now strive to maintain ongoing compliance while working to drive down cost and improve overall business performance. The effective CIO must now strive to balance aspects of IT growth, business alignment, risk mitigation, operational efficiency and compliance.

Understanding, Defining and Managing Risk Appetite
In the wake of a global financial crisis that changed the economic landscape and how companies worldwide operate, a key area of focus for boards and executive management has been risk appetite. What is a company’s tolerance for undertaking risk? What is the difference between just enough and too much? In this podcast, Managing Directors Cory Gunderson and Michael Schuchardt talk about risk appetite and how it can create competitive advantage.

Veritas – Risk management and audit services at Harvard University
Founded in 1636, Harvard University is one of the most venerable institutions of higher learning in the U.S. In this profile, Gail McDermott, chief audit executive of the Risk Management and Audit Services function at Harvard, discusses three key team initiatives. These include developing an internal control structure that supports globalization efforts, application of SAS 112, and promoting ethics and accountability across the University.


External Resources

KnowledgeLeader also helps you find the best links to other ERM and Risk Assessment related resources on the web. Here are a few examples.

COSO Enterprise Risk Management - Integrated Framework
The framework defines essential enterprise risk management components, discusses key ERM principles and concepts, suggests a common ERM language, and provides clear direction and guidance for enterprise risk management. Engaged by COSO to lead the study, PricewaterhouseCoopers was assisted by an advisory council composed of representatives from the five COSO organizations.

Global Association of Risk Professionals
This site offers downloadable correlation and volatility spreadsheets, a currency converter, full-text articles from the GARP monthly newsletter, and information on Financial Risk Management (FRM) certification. Users can also access educational resources including study guides, sample questions, and class updates.

IRMI: The Risk Analysis and Insurance Training Company
IRMI provides advice and strategies for risk management, insurance, and legal professionals. This website includes an online library of risk and insurance publications, conferences, webinars, and seminars.

OCEG
OCEG is a nonprofit organization that uniquely helps organizations drive Principled Performance™ by enhancing corporate culture and integrating governance, risk management, and compliance processes via: guidelines and standards, community of practice, and evaluation criteria & benchmarks.

Protiviti's Enterprise Risk Management Solution
Enterprise risk management (ERM) is a structured and disciplined approach to managing risk. ERM aligns the organization's strategies, processes, technology and knowledge with the purpose of improving its ability to evaluate and manage, enterprise-wide, the uncertainties it faces as it creates value.

Risk and Insurance Management Society
The Risk and Insurance Management Society, Inc. is a professional organization dedicated to advancing the practice of risk management, a professional discipline that protects physical, financial and human resources.

Risk Center
RiskCenter is a web-based syndicated news service devoted exclusively to providing financial risk professionals with the inside scoop on breaking economic, political and financial stories, as well as the risk strategies required to measure and manage these risks. RiskCenter sources its information from external sources (federal banks, treasury units and international agencies, for example) and from internal sources.

The Risk Management Association (RMA)
Helping Financial Institutions Manage Risk Enterprise-Wide. In today’s world, managing risk has become a necessity, not an option. The Risk Management Association (RMA), a member-driven professional association, helps banking and nonbanking institutions identify and manage the impacts of credit risk, operational risk, and market risk on their businesses and customers. They achieve this through education, research, networking, and leadership opportunities.
