ERM Application Case Studies
ERM process cycle:
1. Risk Identification
2. Risk Assessment
3. Risk Analysis
4. Implementation
5. Monitoring
6. Evaluation

1. Risk Identification
Financial Other
Strategic Risk Categories
• Innovation Risk
• Customer Risk
• R&D Risk
• Supply Chain Risk
• Market Risk
• Partnering Risk
• Investor Risk
• Planning Risk
• Brand Risk
Operational Risk Categories
• Financial Reporting Risk
• Governance Risk
• Regulatory and Legal Risk
• Fraud Risk
• Sustainability Risk
• Emerging Risk
• Communication Risk
• Technology Risk
Financial Risks
• Market Risk
• Valuation Risk
• Credit Risk
• Hedging Risk
• Liquidity Risk
• Inflation Risk
• Interest Risk
• Foreign Investment Risk
• Asset Risk
Other Risk Categories
• Reputational Risk
• Investment Risk
• Environmental Risk
• Third Party Risk
• Project Risk
• Economic Risk
Identify Subcategories
• Brainstorming: Can effectively generate lots of ideas of potential risk scenarios that could take place
• Structured Interviews: Uses a risk survey or questionnaire to ask specific questions related to different types of potential risk events facing a particular risk owner or risk center
• Top Down / Bottom Up Approach
Establish Risk Criteria
• Determine critical risks in the organization.
• Prioritize the critical risks from greatest to least
• Risk centers assigned to risk owner
• Responsibilities of risk owner
Key Risk Indicators (KRIs)
• % of customer attrition
• % of employee turnover
• Rejection rate
• Mean time to repair IT problems
• Customer order waiting time
• Profitability of customers by demographic segments

• Business is interrupted
• Loss of employees
• Quality and productivity go down
• Competitor takes market share due to business interruption
Tools and Techniques
• Personal Inspections
• Interview Subject Matter Experts
• Flowcharts
• Conduct HAZOP and “what if” scenarios
• Financial Statements
• Define business or process drivers of the organization
• Loss Histories
• Questionnaire & Risk Survey
• Review what is said about your organization on social media networks
Create A Risk Register
• Identify a potential risk event
• Categorize the risk event
• Identify potential causes
• Assign risk owner
• What is the financial impact
• Risk treatment
• Date to review risk
2. Risk Assessment
Risk Assessment is a process to determine the cause of the risk event, the risk event itself, and the impact and the velocity of the risk event.
• Quantitative Assessment: Measures the value of the impact
• Root Cause Analysis: Find the root cause of a potential risk event
• Qualitative Assessment: Recognizes the source of the risk event
Methods
• The “5-Whys”
• Barrier Analysis
• Management Oversight and Risk Tree
• Failure Mode Effect Analysis
• Pareto Analysis
• Causal Factor Tree Analysis
• Fish-Bone Diagram or Ishikawa Diagram
• Identify and select the best solutions
• Develop recommendations
• Track implementation of solutions
3. Risk Analysis
• Understand risk aggregation and risk correlation in an organization’s risk portfolio
• Determine the interrelationship of risk exposures to a potential risk event
DHS uses Influence Diagrams to analyze the interrelationships and interdependencies of risks across the enterprise.
DHS Analysis Tools
Management is responsible for implementing appropriate controls to reduce risk and to achieve operational objectives.
Some Areas for Risk Controls
• Financial & Operations
• IT Systems
Crisis Management
• Risk communication becomes a key component in surviving a crisis situation
• Messages to all stakeholders must be clear, address the pressing issues and engage all the stakeholders to be diligent in plans of recovery
• Communication must demonstrate that senior management is committed to maintain an environment of transparency in its decision making
4. Implementation
Elements of Continuity Plan
• Statement of acceptable level of functioning
• Recovery time objectives, resources needed and potential failure points
• Task and activities required
• Structure to support the plan
• Procedures and processes
• Supporting documentation and information
• Describe interdependencies among the various departments
• Description of personnel duties and responsibilities
5. Monitoring
• Balanced Scorecards: Captures company’s strategy by Customer, Internal Processes, Innovation and Learning, Financial
• Spreadsheets: Like risk registers
• Dashboards: Pictorial reporting of risks
• Governance Risk and Compliance Software: Focus on audit and compliance
• Enterprise Risk Management Software: ERM focus on software solutions
Critical Risk: Mitigation Plan
Case Study: Walmart
Evaluation