Enterprise risk management (ERM) requires clear risk management goals and objectives. It aligns strategy, processes, people, technology and knowledge for the purpose of evaluating and managing risks. In this context, "enterprise" means eliminating functional, departmental or cultural barriers and taking a holistic, integrated approach to managing all key business risks and opportunities and maximizing shareholder value for the enterprise as a whole.
This guide can be used during the planning phase of implementing ERM across an organization. It supports a phased implementation approach and details tasks, deliverables and a project timeline.
During the environmental scan, project kickoff and awareness phase, it is important to:
- Gather information
- Develop a project plan and timeline and agree upon key deliverables
- Validate the project plan and deliverables with management
- Identify the preliminary risk language and develop risk inventory questionnaires
- Develop materials and hold education/risk awareness session(s) with senior management and/or the board’s risk management committee
- Initiate/schedule interviews with senior management
- Identify questionnaire recipients at business units