Assignment 4: Enterprise Risk Management Flashcards
Four Major Differences Between RM and ERM
- Risk categories
- Strategic integration
- Performance metrics
- Organizational structure
Risk Categories (Traditional RM vs. ERM)
RM: Pure risk only
ERM: Both pure and speculative risks (and the interrelationships between them)
Strategic Integration (Traditional RM vs. ERM)
ERM is integrated with the entire organization’s strategy, while RM is siloed
Exposure Spaces Model
A three-dimensional depiction of attributes – resources, events, and impacts – which is used in ERM to consider the range of potential impact from positive to negative
Performance Metrics (Traditional RM vs. ERM)
RM: Measures activity and result, without considering a more balanced equilibrium between the strategic goals and the risk
ERM: Seeks to optimize risk taking in relation to strategic goals
Organizational Structure (Traditional RM vs. ERM)
RM: Generally reports to a centralized organizational department
ERM: Unlike RM, engages all of the organization’s stakeholders in the risk management process – it is both iterative and recursive
Chief Risk Officer (CRO)
Also known as an enterprise risk manager, this is a senior risk professional who oversees an organization’s enterprise risk management function
They help their enterprise create a risk culture in which individual department heads and project managers are identified as risk owners
Risk Owner
Someone who is responsible for managing risks from a specific center or operation
Strategic Planning
The process by which an organization’s board and executives develop, refresh, and refine its strategies in line with its view of the future
Business Model
The core aspects of an organization, including its vision, mission, strategies, infrastructure, policies, offerings, and processes
It is recognized in ERM that this will not survive indefinitely
Improvements in Strategic Decision Making (by incorporating ERM)
- It can address potentially devastating threats
- It can exploit opportunities by incorporating them into its current business model or by creating an entirely new model that will successfully carry it into the future
- It can use ERM as a process to manage unwanted variations from expectations
Process to Integrate ERM
- Develop ERM goals (establish the internal and external contexts)
- Identify risks (risk assessment)
- Analyze, evaluate, and prioritize critical risks (risk assessment)
- Treat critical risks, considering priority (risk treatment)
- Monitor critical risks (monitor and review)
Categories/Techniques for Treating Risks to Strategy
Avoid: Use alternative approaches that eliminate the cause of the risk or its consequences
Accept: Accept the risk by planning for ways to deal with the uncertainty if it occurs
Transfer: Assign the responsibility to manage the risk to a third party
Mitigate: Initiate activities to reduce the probability, impact, or timing of a risk event to an acceptable risk tolerance
Optimize/Exploit: Develop actions to optimize positive consequences to achieve gains
Enhanced Decision Making
This is one of two important benefits to adopting an ERM approach and has the following advantages:
1. Increased profitability (economic efficiency)
2. Reduced volatility
3. Improved ability to meet strategic goals
4. Increased management accountability
Improved Risk Communication
This is one of two important benefits to adopting an ERM approach and has the following advantages:
1. Management consensus: ERM creates a corporate culture that embraces risk as an additional component of each decision
2. Stakeholder acceptance: ERM builds a spirit of cooperation among management, which subsequently instills confidence among all employees. It also establishes management strategies that protect assets and reputation, which encourages the buy-in of external stakeholders