
Enterprise Wide Risk Management
Definition
It is the overall management of risk that an organization takes and holds to
achieve its strategic aims. It is the sum of the various risks the organisation takes
in the various categories and focuses on optimising the balance and interaction
of the different types of risks.
ERM Value
1. Effective and efficient structures to govern and oversee the organisation and
achieve the strategy, creating synergies between different risk management
activities.
2. Increased risk awareness, which facilitates better operational and strategic
decision making.
3. Ensuring that risk-taking decisions across the organisation are within and
aligned to the nature and level of risk that stakeholders in the organisation
are willing to take.
4. More informed/risk-based decision making.
Five essential actions
There is no one-size-fits-all approach to ERM. That said, an ERM project must begin
with five essential functions.
• Establishing an oversight structure
• Defining a common language and framework
• Targeting risks and processes
• Establishing goals, objectives and uniform processes
• Assessing risk management capabilities
Control and Risk Self Assessment
The success of enterprise-wide risk management depends on an integrated
process for ensuring that risks are assessed and managed across an organization
in a dynamic and meaningful way. There are many techniques for reaching all
parts of an organization so that self-assessment by front line staff becomes the
norm. Some argue for the widespread use of questionnaires that are completed by
key employees as a way of assessing whether there are operations that are at
risk and whether controls are addressing these risk areas properly. Another
technique is the use of interviews with managers in particular business units to
gauge whether the area is under control or not. A further approach is to
commission comprehensive reviews of risk in high-profile parts of the
organization, normally by the use of external consultants, who would report
back on any problems found. These three techniques are fairly straightforward
in that they involve a process superimposed on the normal business operations
and support services.
CRSA
A more popular approach is the use of control self-assessment workshops, or
what some call control and risk self-assessment (CRSA) workshops. Proponents
of CRSA are convinced that the only way to get risk management into the hearts
and minds of the organization is to get everyone involved in a participative
manner. CRSA may be called many different things in different organizations.

Control and risk self-assessment provides a framework for business to review,
assess and design optimal control frameworks to manage risks and achieve
business quality objectives.
