
Guide to Enterprise Risk Management

Guide to Enterprise Risk Management: Frequently Asked Questions. Introduction. The Fundamentals: 1. What is Enterprise Risk Management (ERM)?


Transcription of Guide to Enterprise Risk Management

Guide to Enterprise Risk Management: Frequently Asked Questions

Table of Contents

  is Enterprise Risk Management (ERM)?
  implement ERM?
  does the scope of ERM compare to existing risk management approaches?
  is the value proposition for implementing ERM?
  companies are implementing ERM?
  companies are not implementing ERM, then what are they doing?
  is responsible for ERM?
  are the steps companies can take immediately to implement ERM?
  ERM applicable to smaller and less complex organizations?
  have companies that have tried to implement ERM failed in their efforts?
  implementation of ERM ensure the success of a business?
  is the difference between ERM and management?
  does it mean to implement ERM?
  how long does it take to implement ERM?
  there any way to benchmark the level of investment required to implement ERM?
  t successfully run companies already apply ERM?
  long has ERM been around and why is there a renewed focus on it?
  percentage of public companies currently have an ERM process or system?
  there an example of effective ERM as it is applied in practice?
  does the application of ERM vary by industry?
  there any organizations that need not implement ERM?
  are the regulatory mandates for implementing ERM?
  standards for implementing ERM different for private and public companies?
  companies have sophisticated processes in all areas of risk management to realize the benefits of ERM?

The COSO Enterprise Risk Management Integrated Framework

  is COSO?
  was the COSO Enterprise Risk Management Integrated Framework created?
  is the COSO Enterprise Risk Management Integrated Framework?
  can we obtain the COSO ERM framework?
  was the COSO ERM framework developed?
  do we use the COSO ERM framework?
  companies required to use the COSO ERM framework?
  the COSO Enterprise Risk Management Integrated Framework replace or supersede the COSO Internal Control Integrated Framework?
  does the COSO Enterprise Risk Management Integrated Framework compare to the COSO Internal Control Integrated Framework?
  the new COSO framework broaden the focus of ERM beyond the traditional risk management model's focus on insurable risk? If so, how?
  there other standards and frameworks in existence and, if so, what do they promulgate and how does the COSO Enterprise Risk Management Integrated Framework relate to them?
  is the point of view of the Securities and Exchange Commission (SEC) with respect to ERM?
  are the deliverables when the COSO ERM framework is implemented?
  a company partially adopt the COSO Enterprise Risk Management Integrated Framework with success?

The Role of Executive Management

  should participate in the ERM process, and how?
  the CEO be fully engaged in the ERM process or system for it to be successful, or can he or she delegate it to someone else?
  will senior management benefit from supporting ERM implementation?
  should executive management evaluate ERM?
  is the role of the CIO in an ERM environment?
  is the role of the treasury and insurance in an ERM environment?
  ERM require reporting to executive management? If so, what types of reports are most suitable for executive management?

The Role of the

  are ERM and governance related?
  should directors be concerned about whether their companies implement ERM?
  should the audit committee view ERM?
  should the board exercise oversight of ERM implementation?

The Role of the Chief Risk

  our organization have a chief risk officer (CRO) and, if so, what is his or her role?
  are the skill sets of the CRO?
  whom does the CRO report?

Risk Management Oversight Structure

  is the primary purpose of the risk management oversight structure?
  are compensation issues considered when organizing the risk management oversight structure?
  there a recommended organizational oversight structure?
  does the risk management oversight structure relate to the entity's existing organizational structure?
  implementation of ERM require the identification of individual risk owners?

The Role of Internal

  roles does internal audit play in ERM implementation?
  internal audit lead the ERM effort?
  internal audit integrate the COSO ERM framework into its work?
  t internal audit evaluated the application of ERM within the organization?
  the Institute of Internal Auditors (IIA) support the COSO Enterprise Risk Management Integrated Framework?
  IIA standards require the use of the COSO Enterprise Risk Management Integrated Framework? For example, what is the relationship of ERM to IIA Standard (which requires internal audit to undertake an annual risk assessment) and (which requires a broad risk assessment aligned with the COSO framework)?

Risk Management Vision and

  does management develop a shared vision for the role of risk management in the organization? What is the practical use of a shared vision?
  does management define the entity's risk management goals and objectives?
  is risk appetite and how is it different from risk thresholds, tolerances or limits?
  there a defined methodology for calibrating performance with risk tolerances?
  are the risk management vision and objectives translated into the appropriate ERM infrastructure?

Conducting Risk Assessments

  is the relationship between risk assessment and risk management?
  is the relationship between risk assessment and performance assessment?
  are the components of an effective objective statement and why are objectives important to an effective risk assessment?
  is the difference between an event and a risk?
  doesn't COSO's definition of risk incorporate the notion that risk includes upside as well as downside?
  do we articulate the concept of inherent risk so that it can be effectively used as risk assessment criteria?
  there an officially endorsed risk language we can use for our organization?
  what extent does the organization strictly define risk for the enterprise as a whole, when the organization has a variety of different businesses?
  are risk maps and how are they used appropriately during the risk assessment process?
  s an effective way for an organization to conduct a risk assessment?
  are the common mistakes and pitfalls during the risk assessment process?
  do we identify, understand and apply interrelationships among risks?
  is the appropriate level of depth when assessing risk?
  should participate during the risk assessment process?
  is risk assessment related to risk quantification and should risk quantification be used during risk assessment?
  there value in using qualitative information when assessing risk?

Getting Started Set the Foundation

  are the best steps to take when getting started?
  ERM another project?
  there specific things an organization should accomplish the first year?
  is responsible for leading the charge to implement ERM?
  should sponsor ERM implementation?
  is buy-in obtained from key senior executives?
  do we obtain buy-in among our operating managers?
  we leverage existing infrastructure so that we don't create more overhead?
  types of skills are needed to implement ERM?
  we need to put a name on an ERM initiative, isn't ERM just good business practice with another name?
  Companies typically add full-time personnel to successfully develop and roll out an ERM process and system, or do they ordinarily use existing personnel who devote their efforts to this initiative on a part- or full-time basis?
  steps does management take to set the foundation?
  does management decide on the appropriate foundation capabilities?
  have a common language and are there examples?
  there examples of a process classification scheme?
  is dialogue about risk and its root causes, drivers and sources improved?
  is knowledge sharing about risk management improved?
  does it mean to increase an organization's awareness of or sensitivity to risk?

a Process View Building

  steps does management take to build risk management capabilities?

