Welcome to the Portal for the Chief Risk Officer
One of the most important challenges for the Chief Risk Officer is to implement an Enterprise-Wide Risk Management program, following the Enterprise Risk Management — Integrated Framework by the Committee of Sponsoring Organizations of the Treadway Commission (COSO).

According to this framework, the underlying premise of enterprise risk management is that every entity exists to provide value for its stakeholders. All entities face uncertainty, and the challenge for management is to determine how much uncertainty to accept as it strives to grow stakeholder value. Uncertainty presents both risk and opportunity, with the potential to erode or enhance value.

Enterprise risk management enables management to effectively deal with uncertainty and associated risk and opportunity, enhancing the capacity to build value.

Value is maximized when management sets strategy and objectives to strike an optimal balance between growth and return goals and related risks, and efficiently and effectively deploys resources in pursuit of the entity’s objectives.
Enterprise risk management encompasses:
• Aligning risk appetite and strategy – Management considers the entity’s risk appetite in evaluating strategic alternatives, setting related objectives, and developing mechanisms to manage related risks.
• Enhancing risk response decisions – Enterprise risk management provides the rigor to identify and select among alternative risk responses – risk avoidance, reduction, sharing, and acceptance.
• Reducing operational surprises and losses – Entities gain enhanced capability to identify potential events and establish responses, reducing surprises and associated costs or losses.
• Identifying and managing multiple and cross-enterprise risks – Every enterprise faces a myriad of risks affecting different parts of the organization, and enterprise risk management facilitates effective response to the interrelated impacts, and integrated responses to multiple risks.
• Seizing opportunities – By considering a full range of potential events, management is positioned to identify and proactively realize opportunities.
• Improving deployment of capital – Obtaining robust risk information allows management to effectively assess overall capital needs and enhance capital allocation.

These capabilities inherent in enterprise risk management help management achieve the entity’s performance and profitability targets and prevent loss of resources. Enterprise risk management helps ensure effective reporting and compliance with laws and regulations, and helps avoid damage to the entity’s reputation and associated consequences. In sum, enterprise risk management helps an entity get to where it wants to go and avoid pitfalls and surprises along the way.
Events – Risks and Opportunities

Events can have negative impact, positive impact, or both. Events with a negative impact represent risks, which can prevent value creation or erode existing value. Events with positive impact may offset negative impacts or represent opportunities. Opportunities are the possibility that an event will occur and positively affect the achievement of objectives, supporting value creation or preservation. Management channels opportunities back to its strategy or objective-setting processes, formulating plans to seize the opportunities.
Enterprise Risk Management Defined

Enterprise risk management deals with risks and opportunities affecting value creation or preservation, defined as follows:

Enterprise risk management is a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.

The definition reflects certain fundamental concepts. Enterprise risk management is:
• A process, ongoing and flowing through an entity
• Effected by people at every level of an organization
• Applied in strategy setting
• Applied across the enterprise, at every level and unit, and includes taking an entity level portfolio view of risk
• Designed to identify potential events that, if they occur, will affect the entity and to manage risk within its risk appetite
• Able to provide reasonable assurance to an entity’s management and board of directors
• Geared to achievement of objectives in one or more separate but overlapping categories

This definition is purposefully broad. It captures key concepts fundamental to how companies and other organizations manage risk, providing a basis for application across organizations, industries, and sectors. It focuses directly on achievement of objectives established by a particular entity and provides a basis for defining enterprise risk management effectiveness.