Step 7: Develop the Next Phase of Action Plans & Ongoing Communications

Step 7: Develop the Next Phase of Action Plans & Ongoing Communications The implementation of Enterprise Risk Management is an evolutionary process that takes time to develop. In the spirit of continual improvement, once the initial Enterprise Risk Management action plan has been completed, the working group or risk leader should conduct a critical assessment of the accomplishments to date and develop a series of action plans for the next stage of implementation.

Read more

Step 6: Develop Your Initial Risk Reporting

Step 6: Develop Your Initial Risk Reporting The organization next needs to develop its initial approach to risk reporting including its communication processes, target audiences, and reporting formats. Organizations should start by keeping things simple, clear and concise. Make it a point, however, that regardless of what specific reporting format employed, the reporting must reflect clearly the relative importance or significance of each risk.

Read more

Step 5: Inventory the Existing Risk Management Practices

Step 5: Inventory the Existing Risk Management Practices During the risk assessment process, the organization should also be taking an inventory of its current risk management practices to determine areas of strength to build upon and areas of weakness to address. This inventory becomes valuable information for management to assist in enhancing the risk management processes.

Read more

Step 4: Conduct the Initial Enterprise-wide Risk Assessment & Develop an Action Plan

Step 4: Conduct the Initial Enterprise-wide Risk Assessment & Develop an Action Plan In many ways, this step is the heart of the initial Enterprise Risk Management process. The focus here is to gain an understanding of and agreement on the organization’s top risks and how they are managed. The assessment is a top-down look at the risks that could potentially be most significant to the organization and its ability to achieve its business objectives. While any organization faces many risks, the starting point is to get a manageable list of what are collectively seen as the most significant risks. Here, members of the risk committee or working group can be most helpful by sharing their views or identifying people in the organization who should be involved in the risk assessment.

Read more

Step 3: Establish a Management Risk Committee or Working Group

Step 3: Establish a Management Risk Committee or Working Group To provide strong backing for its Enterprise Risk Management effort, an organization should consider creating a senior-level Risk Management Committee or Working Group as the vehicle through which the designated risk leader can implement the Enterprise Risk Management initiative.

Read more

Step 2: Select a Strong Leader to Drive the Enterprise Risk Management Initiative

Step 2: Select a Strong Leader to Drive the Enterprise Risk Management Finding a leader to head the initial Enterprise Risk Management project is also critical for success. BOD should identify a leader with the right attributes to head the Enterprise Risk Management effort. This person does not need to be a “CRO” (Chief Risk Officer).

Read more

Step 1: Seek Board of Directors (BOD) and Senior Management leadership, Involvement and Oversight

Step 1: Seek Board of Directors (BOD) and Senior Management leadership, Involvement and Oversight The BOD and senior management set the tone for the organization’s risk culture. Their involvement, leadership and oversight are essential for the success of any Enterprise Risk Management effort. The BOD and senior management should agree on their initial objectives regarding Enterprise Risk Management, its benefits and their expectations for successful Enterprise Risk Management.

Read more