What Are Your Enterprise Risk Management Principles?

Peter WalshEnterprise Risk Management1 Comment

A blog post by Norman Marks here reminded us that Risk Management for an Enterprise needs a guiding framework, of which there are many sources. Norman refers to the COSO ERM framework which dates back to 2004 and believes that this will be updated soon to reflect the changes that have taken place in regulation and risk technology. The ISO have their own guide to Risk Management (not free unfortunately, see link below) which Norman reduces from eleven principles to six being:

  1. Risk management enables management to make intelligent decisions when setting strategy, planning, making decisions, and in the daily management of the organization. It provides reasonable assurance that performance will be optimized, objectives achieved, and desired levels of value delivered to stakeholders.
  2. Risk management provides decision-makers with reliable, current, timely, and actionable information about the uncertainty that might affect the achievement of objectives.
  3. Risk management is dynamic, iterative and responsive to change.
  4. Risk management is systematic and structured.
  5. Risk management is tailored to the needs of the organization and updated/upgraded as needed. This takes into account the culture of the organization, including how decisions are made, and the need to monitor the program itself and continually improve it.
  6. Risk management takes human factors (that may present the possibility of failures to properly identify, analyze, evaluate or treat risks) into consideration and provides reasonable assurance they are overcome.
Norman Marks Blog post by Norman Marks

A paper from McKinsey targets financial organisations such as banks and shows how to put in place an ERM framework, and measure performance. And as a practical example the 2016 annual report from Deutsche Bank (which is fully interactive) shows how they engage everyone from the Board downwards in their ERM approach.

Finally Alex Sidorenko provides an entertaining video explaining that after many years in Risk Management, he still doesn’t know what ERM is and points out there is no single agreed standard in the world. The question for you is, what are your ERM Principles and how do you implement them? We’d be interested in your feedback, use the comments below.


The COSO ERM Framework (2004)

World Class Risk Management by Norman Marks (2015) (Amazon book)

ISO 31000 – Risk Management – A practical guide for SMEs

Getting to ERM
A road map for banks and other financial institutions (McKinsey, 2013)

Deutsche Bank 2016 Annual Report

Alex Sidorenko (Russian Risk Manager of the year in 2014) debunks ERM

Follow me

Peter Walsh

Global Head of Sales at Razor Risk
Peter is a banker by trade (ACIB) and a qualified practitioner in managing IT intensive programmes allied to a lifetime of City-based roles and experiences. His experience and knowledge of the risk management and management disciplines helps provide clarity – and, with his background in banking, regulatory compliance and risk systems he is uniquely placed to discuss and describe how technology enablers can be deployed to deliver effective and efficient solutions in the most demanding situations, including the bewildering array of regulations and changes that will be affecting collateral, margining and associated risk management.
Follow me

Related Posts

One Comment on “What Are Your Enterprise Risk Management Principles?”

  1. Peter Walsh

    Risk management is totally complicated, this because there are numerous type of organisational risks. Some organisation usually set up risk committees, risk manager and moreover some researchers study specific kind of risk in business such like; financial risk management, operational risk management, strategic risk management and credit risk management etc, in organisation. it is possible for an organisation to have risk committees or risk managers on each type of risk mention above? No, i do not think so. Because am totally confused about it. Am writing my doctorate thesis on risk management. “The effectiveness of risk management in small and medium enterprises”

Leave a Reply

Your email address will not be published. Required fields are marked *