A blog post by Norman Marks here reminded us that Risk Management for an Enterprise needs a guiding framework, of which there are many sources. Norman refers to the COSO ERM framework, which dates back to 2004, and believes that it will be updated soon to reflect the changes that have taken place in regulation and risk technology. ISO has its own guide to Risk Management (not free, unfortunately; see link below), whose eleven principles Norman reduces to six:
- Risk management enables management to make intelligent decisions when setting strategy, planning, making decisions, and in the daily management of the organization. It provides reasonable assurance that performance will be optimized, objectives achieved, and desired levels of value delivered to stakeholders.
- Risk management provides decision-makers with reliable, current, timely, and actionable information about the uncertainty that might affect the achievement of objectives.
- Risk management is dynamic, iterative and responsive to change.
- Risk management is systematic and structured.
- Risk management is tailored to the needs of the organization and updated/upgraded as needed. This takes into account the culture of the organization, including how decisions are made, and the need to monitor the program itself and continually improve it.
- Risk management takes human factors (that may present the possibility of failures to properly identify, analyze, evaluate or treat risks) into consideration and provides reasonable assurance they are overcome.
A paper from McKinsey targets financial organisations such as banks and shows how to put an ERM framework in place and measure its performance. As a practical example, the 2016 annual report from Deutsche Bank (which is fully interactive) shows how they engage everyone from the Board downwards in their ERM approach.
Finally, Alex Sidorenko provides an entertaining video explaining that, after many years in Risk Management, he still doesn't know what ERM is, and points out that there is no single agreed standard in the world. The question for you is: what are your ERM principles and how do you implement them? We'd be interested in your feedback; please use the comments below.
Risk management is totally complicated, because there are numerous types of organisational risks. Some organisations usually set up risk committees and a risk manager, and moreover some researchers study specific kinds of risk in business, such as financial risk management, operational risk management, strategic risk management and credit risk management, etc., in organisations. Is it possible for an organisation to have risk committees or risk managers for each type of risk mentioned above? No, I do not think so, because I am totally confused about it. I am writing my doctorate thesis on risk management: "The effectiveness of risk management in small and medium enterprises".