Adopting a system of continuous risk management

© Compliance Aid 2011

What is ERM?

Why is ERM Important?

Key components for ERM

What Audit Committee should know

Effective Risk Strategy/Continuous Risk Management

Benefits

Success Factors

Questions

Enterprise risk management (ERM) includes the
methods and processes used by businesses to
manage risks and seize opportunities related to
the achievement of their objectives.

ERM provides a framework for risk management,
which typically involves identifying particular
events or circumstances relevant to the
business's objectives (risks and opportunities),
assessing them in terms of likelihood and
magnitude of impact, determining a response
strategy, and monitoring progress.

ERM can also be described as a risk-based approach to managing an
enterprise, integrating concepts of internal control, Sarbanes-Oxley and
strategic planning.

Risk is inherent to all functions of a business.

Enterprise risk management (ERM) is for
the measurement and the management of
all significant risks of the business
holistically irrespective of types and
sources.

ERM is evolving to address the needs of various stakeholders, who want to
understand the broad spectrum of risks facing complex businesses to ensure
they are appropriately managed.

Regulators and debt rating agencies have increased their scrutiny of the
risk management processes of business.

There are several checkpoints that drive the need
for enterprise risk management, which include:

Greater transparency
Financial disclosures with more strict reporting and control requirements
Security and technology issues
Business continuity and disaster preparedness in a post-9/11 world
Regulatory compliance
Globalization in a continuously competitive environment


Uncertain economic future
The uncertainty of the overall condition of the US and
global economies increasingly emphasizes the need for
risk management, and the achievement of strategic
goals.

Risk management is a top priority for Boards
Poor risk management practices have been blamed for
the credit crisis and ensuing global financial
meltdown. Institutions and regulators suggest that risk
previously was simply reported, rather than managed.

Regulators mandate enhanced disclosure
regarding risk, compensation, and corporate governance
for proxy and other informational statements.

Embedded within an organization's strategies and
objectives, ERM's value is maximized when a balance is
reached between growth, returns, risks, uncertainties, and
opportunities.

How much risk the entity is prepared to accept is inherent
in ERM's capabilities, which encompass the following key
components:

Aligning risk appetite and strategy.
Enhancing risk response decisions.
Reducing operational surprises and losses.
Identifying and managing multiple and cross-enterprise
risks.
Seizing opportunities.
Improving deployment of capital.





Considering activities at all levels of the organization,
the ERM framework views entity objectives at the entity, division,
business-unit, and subsidiary levels, in four key categories: strategic,
operations, reporting, and compliance.

At the same time, the framework focuses on eight interrelated
components: internal environment, objective setting, event
identification, risk assessment, risk response, control activities,
information and communication, and monitoring.

Articulating and communicating the
organization's objectives.

Determining the organization's risk appetite.

Establishing an appropriate internal
environment, including a risk management
framework.

Identifying potential threats to the achievement
of objectives.

Assessing risks, including their impact and
likelihood of occurring.

Selecting and implementing responses to risks.

Undertaking control and other response
activities.

Communicating information on risks consistently
at all levels in the organization.

Centrally monitoring and coordinating the risk
management processes and the outcomes.

Providing assurance on the effectiveness with
which risks are managed.

The concept of Enterprise Risk Management ("ERM") is
becoming a common topic with boards and audit committees.

Many businesses are actively deploying a more complete
approach to managing risk under one large umbrella.

ERM is based on the recognition that risk is pervasive, and the
business can more effectively and efficiently manage risk by
leveraging and integrating risk management activities, and by
deploying responsibilities and accountabilities throughout the
company.

Moreover, it is becoming a recognized axiom that there exists
a direct correlation between effective business process and
financial management techniques, and effective risk
management (i.e., ineffective business processes yield high
risks.)

Audit committees should be able to generate real value
for their companies by:

Staying focused on the fundamental objectives and
purpose associated with ERM

Recognizing that ERM is a journey not a destination

Developing risk awareness and consciousness at the
audit committee. Understanding your industry and
how your business creates risk (financial,
operational, compliance, reputation, etc.)

Understanding whether your company has an
approach to continuously assess and mitigate risks

Provide leadership to raise awareness of risk
management and relate to advancement of the
company's mission and objectives

Deploy responsibility and accountability into line
and staff roles, for risk management including:
Continuous risk assessment (tied to change control)
Continuous monitoring
Continuous improvement of controls


Establish metrics to monitor risk management
effectiveness and follow through regularly to
reinforce accountability and reinforce success

Enterprise Risk Management (ERM) - Manage risk by leveraging and
integrating risk management activities

Strategic Dimension of Enterprise Risk Management (ERM) for Audit
Committees

Organizational structure and Strategic relationships
Business processes improvement and Information systems

Audit committees:

Stay focused on objectives of Enterprise Risk Management
Develop risk awareness (financial risk, operational risk,
compliance risk)
Understand your company's risk assessment approach
Deploy risk management responsibility into staff roles
Establish metrics to monitor risk

Effective ERM integrates with strategic planning in the
following areas:

Financial/Operational – Defines how much and what type of value
the company must create to satisfy shareholders and
stakeholders.

Customer – Describes the value proposition the company promises
to deliver to its customers and why customers should buy from the
company, rather than rival competitors.

Process – Describes how the business will efficiently and
effectively deliver value promised to customers.

Learning and Growth – Identifies the resources required to enable
the company’s employees to achieve strategic objectives.

Utilizes all disciplines within an organization

Too often the responsibility of risk management is placed upon a few
individuals within an organization.

ERM assigns risk management responsibilities to all departments within a
company, and empowers all employees to consider the likelihood and impact
of both internal and external risks.

Focuses on Continuous Improvement

Continuous improvement challenges a company to constantly evaluate the
effectiveness of its processes and provide value to its customers.

A successful ERM framework will promote continuous improvement by
regularly reviewing key risks and key risk mitigation actions/strategies.

The first and foremost benefit is that it helps avoid risks: all types
of risks, such as credit risks (which can arise
internally or externally), market risks (due to
market factors) and operational risks, can be
foreseen and tackled through Enterprise Risk
Management.

Any ERM program in place will certainly attract
investors to invest in your organization, because they
know that the risk factors are lower when there is ERM
in place.

It helps protect the shareholder value and the
interest of stakeholders in the
company/organization.

It helps the organization make correct
investment decisions by analyzing all the facts and
figures through ERM.

Organizations or companies can stay ahead of
competitors who do not have ERM in place, by
taking bold decisions and getting results from them.

Some of the benefits of ERM cannot be
measured, but in the long run it will certainly
yield positive results to the
company/organization.

Other benefits of Enterprise Risk Management (ERM)
include:

More effective strategic and operational planning

Planned risk-taking and the proactive management of risks

Greater confidence in decision making and achieving
operational and strategic objectives

Greater stakeholder confidence

Enhanced capital raising and risk-based capital efficiency

Enhanced company resilience

Dealing effectively with disruptions and losses, minimizing financial
impact on the business

Providing for forward planning, avoiding surprises

Evidence of a structured / formalized approach in decision making

Regulatory compliance and director protection

Align and integrate risk management practices

Reduce unacceptable performance variability

Build confidence of investment community

Enhance corporate governance

Successfully respond to changing business
environment

Align risk taking strategy with corporate culture

Understand the Organization’s Expectations and
Strategic Objectives

Understand the company’s strategic direction

Analyze common industry risks and competitors

Identify or analyze key performance indicators,
drivers, and processes associated with strategic
plans

Define impact and likelihood profile factors

Define Key Risks and Risk Environment
Assessment

Identify specific goals, objectives, and drivers to
the strategic plans

Identify the risks to achieving the specific goals,
objectives, and drivers

Develop risk indicators for each risk identified

Perform a management assessment of the risk
universe

Develop/Assess Key Risk Mitigation

Link key risks to the company’s current activities, processes, and
locations

Align key risks to the appropriate risk indicators

Evaluate mitigation strategies and recommend improvement as needed

Communication and Continuous Monitoring

Develop continuous organization-wide
monitoring program over identified risks

Develop risk management and reporting model
consisting of:
Responsible personnel (“risk owners”) for monitoring
risks and risk indicators
Monitoring timeline which defines the frequency of
assessment and reporting
Reporting requirements, including the methods of
gathering information from all risk owners and adjusting
mitigation strategies as needed

Ensure ERM approach and infrastructure match the company’s structure
and style

Educate continuously

Align with strategy of the organization

Establish executive and board commitment

Assemble the strongest team possible

Continuously improve risk management by focusing on business performance

Develop quantification process to measure risk impact to value

Coordinate enterprise-wide response to the most significant risks

Sustain risk management and use it to create business value

Michelle N Martin, CAMS, ACA
President
E-mail [email protected]
Telephone:
Miami, Florida, U.S.A. +1 (305) 772-9712
St. John's Antigua, W.I. +1 (268) 784-9423
Michelle N Martin, CAMS, ACA
Partner
Website http://compliancesolutionsconsultants.com
E-mail [email protected]
Telephone:
Miami, Florida, U.S.A. +1 (305) 772-9712
St. John's Antigua, W.I. +1 (268) 784-9423
If you have any questions,
do not hesitate to contact us!

CAACM & Compliance Aid