Establishing the context
95
simple risk register in a format that could be attached to a business plan. Simple 
examples of the risks that could result in the business plan not being achieved are 
set out in this illustration.
For example, a sports club may wish to record risks to reputation in the risk
register. There could be particular concerns regarding the reputation of the club, so 
that the board will require a detailed evaluation of the reputational risks related to:
●
●
success on the pitch;
●
●
legal compliance;
●
●
supply of ethical goods at a fair price.
When considering reputational issues, the level of control that is required will be 
evaluated, together with responsibility for managing the brand. The club will also 
make sure that existing controls and any additional controls are described in a
way that will ensure that implementation of the controls can be fully audited.
The board will probably wish to see the risk register on at least a quarterly basis, 
and more frequently if significant changes occur. This will ensure that the risk register 
remains a dynamic document and is kept fully up to date. It will also ensure the 
necessary actions are taken and reported to the board.

08
enterprise risk 
management
enterprise-wide approach
In the past few years, there have been important developments in the practice of
risk management. Firstly, there has been the development of specialist branches of 
risk management, including project, energy, finance, operational risk and clinical risk 
management. Secondly, organizations have embraced the desire to take a broader 
approach to the practice of risk management.
Various terms have been used to describe this broader approach, including holistic, 
integrated, strategic and enterprise-wide risk management. It is the term enterprise 
or enterprise-wide risk management (ERM) that is now the most widely used and 
generally accepted terminology for this broader approach. The fundamental idea 
behind the ERM approach is to move away from the practice of risk management as 
the separate management of individual risks.
ERM takes a unifying, broader and more integrated approach. The ERM approach 
means that an organization looks at all the risks that it faces across all of the operations 
that it undertakes. ERM is concerned with the management of the risks that can 
impact the objectives, key dependencies or core processes of the organization. Also, 
ERM is concerned with the management of opportunities, as well as the management 
of control and hazard risks.
There has also been consideration of the fact that many risks are interrelated and 
that traditional risk management fails to address the relationship between risks. 
With the ERM approach, the relationship between risks is identified by the fact that 
two or more risks can have an impact on the same activity or objective. The ERM 
approach is based on looking at the objective, key dependency or core process and 
evaluating all of the risks that could impact the item being evaluated.
Organizations practise risk management in a number of different ways. However, 
there are many common features to most of these approaches. Table 8.1 gives an 
overview of the features of enterprise risk management as a comparison to the
silo-based approach whereby risk management tools and techniques are applied to 
different types of risks independently. Enterprise risk management has become the 
established means of undertaking risk management activities within most organiza-
tions. This allows the organization to gain an overview of all the risks that it faces so 

Download 3.45 Mb.

Do'stlaringiz bilan baham: