Strengthening Your Enterprise Risk Management Process
Belinda Mumma, Senior Consultant, Enterprise Risk Management Services
bmumma@sollievo.com
(866) 605-5664 x3400
Discussion Topics
  Definition of Enterprise Risk Management
  Simple first steps to more strategic risk oversight
  Overview of the Enterprise Risk Management lifecycle
  Evaluating Enterprise Risk Management system needs
Definition of Enterprise Risk Management
  "... a process, effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives."
  Source: COSO, Enterprise Risk Management - Integrated Framework, 2004.
Why is ERM Important?
  For-profit or not, an organization exists to realize value for its stakeholders
  Align risk management with business strategy and planning
  Improve management of, and response to, risks across the enterprise
  Protect your organizational reputation and image
  Reduce operating losses and surprises
  Enhance regulatory compliance
  Improve deployment of capital and resources
  Eliminate redundancies
Simple First Steps
Topics of Discussion
  ERM is a process, not a project
  ERM affects people
  ERM sets strategy
  ERM is across the entire enterprise
  Risk appetite
  Reasonable assurance
Simple first steps to more strategic risk oversight

ERM is a process, not a project
  Not a one-time project or event
  ERM is a series of actions that permeate an organization's activities.
ERM players: Board of Directors
  The Board of Directors plays a critical role by establishing the right environment, or tone at the top, for the embrace of ERM by the Credit Union management team and general staff.
  Oversees management's approach to ERM and determines the Credit Union's appetite for risk.
  Enterprise Risk Management Policy:
    Risks that the credit union is exposed to
    Risk categories and types of risk the credit union is exposed to
ERM players (cont.)
  Board of Directors (cont.):
    Review the Credit Union's risk management policies at least once a year
    On a regular basis, be able to show that the Credit Union has an effective ERM process in place and that risk management policies for significant risks are being adhered to.
  CEO: Overseeing and ensuring that there is an effective ERM process in place to:
    Identify risks
    Determine criteria for measuring risk
    Develop appropriate risk management policies
    Measure the different types of risk the Credit Union is exposed to, in accordance with the risk management policies
ERM players (cont.)
  CEO (cont.):
    Establish effective processes, procedures and controls for managing risk
    Provide the Board of Directors with timely, accurate reporting of significant risks
    Provide the Board of Directors with reports that assess whether the Credit Union has an effective ERM process
  Staff:
    Participate in understanding the ERM process
    Explain the functions they are responsible for within the Credit Union
ERM sets strategy
  Provide a mission or vision statement
  Set strategic objectives that align with the mission or vision
ERM is across the entire enterprise
  Consider your entire scope of activities, at all levels of the organization:
    Strategic planning and resource allocation
    Business unit activities
    Marketing
    Human Resources
    Special projects
    New initiatives
    Etc.
Risk appetite
  The amount of risk an entity is willing to accept in the pursuit of value.
    Qualitative approach: high, moderate or low
    Quantitative approach: growth, return and risk
  Risk appetite is directly related to the Credit Union's strategy.
  Risk tolerance is the acceptable level of variation relative to the achievement of objectives.
Reasonable assurance
  Understand the extent to which the Credit Union's strategic objectives are being met
  Understand the extent to which the Credit Union's operations objectives are being met
  Reporting is happening and it is reliable
  Regulations and laws are being followed
ERM Lifecycle
Topics of Discussion: Lifecycle
  Identify risks
  Analyze risks
  Control risks
  Monitor risks
  Improve risk management
  Report on the risk management progress
Overview of the Enterprise Risk Management Lifecycle

Identify risks
  Understand the organization's expectations and strategic objectives
  Establish consistent assessment measures
  Identify key areas
  Hold risk identification and assessment sessions
  Identify key risks
  Assess key risks
  Refresh assessments periodically and add emerging risks.
Analyze risks
  How likely is it that an event will occur?
  Who and what will be affected?
  What are the effects on the organization?
Control risks
  What is the impact to your organization?
  What is the likelihood of this occurrence?
  What is the cost of controlling the occurrence(s)?
  What type of mitigation(s) will you put in place?
Monitor risks
  Implement controls and/or mitigations
  Monitor the residual risk
  Periodically review control and mitigation effectiveness
Improve risk management
  Decide whether the right people are involved
  What new risks have been identified?
    New services, products and processes
    New risks from review of existing services, products and processes
  How can the business improve the way it manages existing risks?
Report on the risk management progress
  Reinforce key ERM concepts
  Ensure staff remain vigilant in identifying exposures
  Keep an open mind
  Keep the staff thinking about how to consider risk as they design new products, processes or services
System Needs
Evaluating Enterprise Risk Management system needs

System evaluation
  Software-based solution
  Reputable vendor: 2 to 3 references
  Legal review
  Flexible pricing based on usage and optional services
  Integrated solution, modular and customizable
  Data conversion
  Support
  Training
  Can the system grow with your organization and support your needs for at least 3 to 5 years?
  Does the software come with pre-loaded content?
  Complete your DUE DILIGENCE on the vendor
Take Action
Questions