ERM Tool Box
Tools to help you get started or to keep you going with your ERM Program
- Establish your ERM group (panel, committee) – or have an existing group take responsibility for ERM
- Write your charter (Sample charter documents) - Need a champion to help you get this started? Contact for assistance.
- Develop a Work Plan (Sample Work Plan)
Developing your Work Plan based on the COSO Framework
Internal Environment/Objective Setting: describe the "Tone at the Top", Organizational Objectives, and the ERM Initiative Goals
Event Identification/Risk Assessment: Describe how you are going to recognize and catalogue internal and external events that could impact achieving objectives and how you will assess them
Risk Response/Control Activities: Develop a plan that assists individual units and the key owners of processes to identify and assess risk and to develop action plans to mitigate the identified risks
Information & Communication: Describe how information will be communicated throughout the organization
Monitoring: Develop measures for monitoring risks and key controls and communicate findings on an ongoing basis
Tip: Start small - but think BIG
Look at an existing program or initiative that could benefit from ERM and start by focusing on just one area. Examples: Safety Programs, Training Programs, Effort Reporting, Workers' Compensation, Contract Management.
And/Or - Develop a Work Plan based on Supporting Objectives and Strategic Goals of Your Organization - that still encompasses the COSO Framework (Sample Strategic Goal Plan)
Define the Organization's Strategic Goals and Objectives: a Strategic Plan is likely to have been completed by your organization already, so the primary initial action required of the ERM group is to ensure that its members understand the goals and objectives and can correctly articulate and communicate them
Develop a survey process: examine each individual unit's goals, objectives and operating plan to determine whether they support your organization's goals and objectives. (Sample Survey)
Identify the Risks: Identify the individual units' risks that might stop them from meeting their goals and objectives.
Identify the controls and develop mitigation plans: Identify how the risks are currently managed and how they might be improved.
Monitor: With the unit, establish an ongoing risk management program.
- Understand and Develop Risk Assessments
There are various types of Risk Assessment activities that are regularly conducted throughout organizations (UC Risk Assessment). The ERM group should become familiar with and support the various assessments conducted, and use the results of these assessments in developing and maturing their ERM Program.
Your ERM group may want to consider identifying Risk Assessments that have already been completed, and then work with the key owners of each risk to develop and improve the control activities, information and communication, and monitoring (in other words, fill in the rest of the COSO model).
A Strategic Risk Assessment considers: Financial Risk, Operational Risk, Strategic Risk, Compliance Risk, and Reputational Risk. (Sample Strategic Risk Assessment)
Our plan is to keep adding to the ERM tool box. If you have ideas to share please . Also, we recommend the book Enterprise Risk Management for Dummies - which is for really smart people who know that it is better to take risks and manage them well rather than just letting stuff happen.