Fundamentals of Risk Management
enterprise risk management
risks within the risk appetite of the organization and provide reasonable assurance regarding the achievement of objectives. To be comprehensive, however, the definition must also consider the intended impact of those outputs. In summary, the intended outputs from ERM are that better decisions will be taken, improved core processes will be identified and introduced, possibly by way of tactics that include projects or programmes of work, and operations will be effective, efficient and free from unplanned disruption. This list of outputs from enterprise risk management can be described as mandatory obligations fulfilled, assurance obtained, decision making enhanced and effective and efficient core processes introduced (MADE2).

The following is offered by the author as a comprehensive definition of ERM:

● ERM involves the identification and evaluation of significant risks, assignment of ownership, implementation and monitoring of actions to manage these risks within the risk appetite of the organization.
● The output is the provision of information to management to improve business decisions, reduce uncertainty and provide reasonable assurance regarding the achievement of the objectives of the organization.
● The impact of ERM is to improve efficiency and the delivery of services, improve allocation of resources (capital) to business improvement, create shareholder value and enhance risk reporting to stakeholders.

ERM in practice

The developing role of the risk manager is discussed in Chapter 22. It was mentioned that the seniority of the risk manager should be proportionate to the risks that the organization faces. For many organizations, including those in finance and energy, a board-level risk director is often appropriate. Where it is appropriate and proportionate, the risk manager at board level is often referred to as a chief risk officer (CRO).
To date, these appointments have been almost exclusively in the energy and finance sectors, although this may change as ERM becomes more clearly established in a wider range of organizations. The seniority of the CRO is just one example of how ERM should be achieved in practice. The principles of risk management set out as PACED are fully applicable to the practice of enterprise risk management. The principles of risk management are that it should be proportionate, aligned, comprehensive, embedded and dynamic (PACED).

By taking a comprehensive approach to enterprise risk management, a wide range of benefits can be delivered and these are set out in Table 8.3. It is for each organization to decide how the enterprise risk management initiative will be structured and how these benefits will be achieved.

The key feature of ERM is that the full range of significant risks facing the organization is evaluated. The interrelationship between risks should be identified, so that the total risk exposure of the organization may be compiled. Having measured the total risk exposure of the organization, that level of risk exposure can