Seven key attributes of evidence-based continuous Enterprise Risk Management (ERM)
In recent years, the conversation about how risk management is handled has changed. Traditional risk management places responsibility on business leaders to manage risks within their own areas of responsibility, but this approach has its limitations: risk can appear anywhere in a business and may not draw the attention of business leaders. These shortcomings have garnered the attention of business leaders, and the shift towards an ERM system has become increasingly popular. ERM is defined by the Committee of Sponsoring Organizations as "a process, effected by an entity's board of directors, management and other personnel, applied in strategy-setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives." For a more in-depth look at ERM, see Next Frontier: Performance-Based Continuous ERM.
The seven key attributes of evidence-based continuous ERM:
- ERM is a continuous management process that provides early warning indicators for business leaders.
- Strategic risk management receives the highest priority.
- Dynamic risk appetite is well-defined in risk policies to balance business objectives and prudent risk-taking.
- Risk optimization is the primary objective of ERM. This is achieved by influencing the likelihood of positive and negative results along the risk bell curve.
- ERM is embedded into business decisions at all three lines of defense, supported by integrated risk assessment and analytics.
- A collaborative dashboard reporting system delivers ongoing risk and performance monitoring.
- Performance feedback loops assure ERM effectiveness and support continuous improvement.