The ultimate goal of enterprise risk management is to evaluate total returns relative to total risks, leading to more informed business decisions. Many ask questions about its value proposition. This questionnaire can be used when analyzing an organization’s enterprise risk management strategy. It focuses on the internal environment, objective setting, risk identification, risk assessment, risk response, control activities, information and communication, role of the board of directors, role of management, common risk failures, and trading activity.
This document can be used as a sample ERM questionnaire and is not meant to be an exhaustive list of questions on the topic. Organizations should select, update and modify the questions included in this document to ensure that it reflects business operations.
Sample questions include:
- What is the overall risk appetite of the organization?
- How well are strategic and related objectives defined?
- How do internal and external forces impact the risk profile?
- Are you aware of any instances of fraud within the company?
- How are risks monitored and reported within the organization?
- What is the assessment of the effectiveness of overall controls in preventing risks and carrying out risk activities within the organization?
- What communication barriers are present within the organization?
- Does management involve the board in a timely manner during the strategy-setting process, including when making decisions to accept or reject risk?
- Do you understand the significant uncertainties, or soft spots, inherent in the organization's strategies for achieving its business objectives and performance goals?
- If the company engages in significant trading activities or uses derivatives in a significant way, is the financial and risk management strategy clear?