Enterprise Risk Management
Getting you started (or keeping you going) with your ERM program
Easy as 1... 2... 3!
1 - Establish your ERM group (panel, committee) - or have an existing group take responsibility for ERM
Need a champion to help you get this started? Contact Cheryl Lloyd at (510) 987-9829 or email Cheryl for assistance.
2 - Write your charter
3 - Develop a Work Plan
(Plans may be used in conjunction with, or independent of, each other)
- Plan 1: Based on the COSO Framework Sample Work Plan (doc)
- Environment/Objective Setting: describe the "Tone at the Top", Organizational Objectives, and the ERM Initiative Goals
- Event Identification/Risk Assessment: Describe how you are going to recognize and catalogue internal and external events that could impact achieving objectives and how you will assess them
- Risk Response/Control Activities: Develop plan that assists individual units and key owner's of processes to identify and assess risk and develop action plans to mitigate the identified risk
- Information & Communication: Describe how information will be communicated throughout the organization
- Monitoring: Develop measures for monitoring risks and key controls and communicate findings on an ongoing basis
- Plan 2: Based on Supporting Objectives and Strategic Goals of Your Organization – that still encompasses the COSO Framework – Sample Strategic Goal Plan (doc)
- Define the Organizations Strategic Goals and Objectives: a Strategic Plan is likely to have been completed by your organization, so the primary initial action required by the ERM group is to ensure that they understand the goals and objectives, and can correctly articulate them and communicate them
- Develop a survey process: to examine individual unit's goals, objectives and operating plan to determine if they support your organizations goals and objectives. – Sample Survey (doc)
- Identify the Risks: Identify individual units' risk that might stop them from meeting their goals and objectives.
- Identify the controls and develop mitigation plans: Identify how the risks are currently managed and how they might be improved.
- Monitor: With the unit establish an ongoing risk management program.
- Understand and Develop Risk Assessments