ERM Flashcards
Concept of value
For-profit commercial entities: value is usually shaped by strategies that balance market opportunities against the risks of pursuing those opportunities.
Not-for-profit and governmental entities: value may be shaped by delivering goods and services that balance the opportunity to serve the broader community against any associated risk.
What is ERM
Enterprise risk management: the culture, capabilities, and practices, integrated with strategy-setting and performance, that organizations rely on to manage risk in creating, preserving, and realizing value.
What is risk
Risk is defined as the possibility that events will occur and affect the achievement of strategy and business objectives.
Risk includes 3 elements:
Event
Severity
Uncertainty
Benefits of ERM
Companies that effectively integrate enterprise risk management are likely to benefit in their overall ability to realize value. Benefits may include the ability to:
1. Increase the range of opportunities by considering all reasonable possibilities.
2. Increase the positive outcomes and reduce negative or unexpected outcomes.
3. Better manage entity-wide risk.
4. Reduce performance variability by better anticipating risks and minimizing their impact.
5. Improve and optimize the use of resources.
Mission, Vision, and Core Values
Mission/Objective: The core purpose of the entity (Why the company exists and what it hopes to accomplish)
Vision/Strategy: The aspirations of the entity and what it hopes to achieve over time.
Core values: An organization’s beliefs and ideals about what is good or bad, acceptable or unacceptable, which shape the behavior of the organization.
Integration of ERM
Managing Risk Linked to Value
Risk appetite: the types and amounts of risk, expressed in the mission and vision, that an organization is willing to accept in pursuit of value. Risk appetite is a range and must be flexible enough to adapt to changing business conditions.
ERM seeks to align anticipated value creation with risk appetite and capabilities for managing risk over time.
Entity-wide risks with a portfolio view: A composite view of the risks the entity faces that considers the types, severity, and interdependencies of risks and how they may affect the entity’s performance relative to its strategy and business objectives.
Components and principles of ERM
- Governance and culture
- Strategy and objective-setting
- Performance
- Review and revision
- Information, communication and reporting
Governance and culture includes principles (5) of:
D Defines desired culture
O Exercises board oversight
V Demonstrates commitment to core values
E Attracts, develops, and retains capable individuals (employees)
S Establishes operating structure
Strategy and objective-setting includes principles (4) of:
S Evaluates alternative strategies
O Formulates business objectives
A Analyzes business context
R Defines risk appetite
Performance includes principles (5) of:
V Develops portfolio view
A Assesses severity of risk
P Prioritizes risk
I Identifies risks (events)
R Implements risk responses
Review and revision includes principles (3) of:
S Assesses substantial change
I Pursues improvement in enterprise risk management
R Reviews risk and performance
Information, communication and reporting includes principles (3) of:
T Leverages information and technology
I Communicates risk information
P Reports on risk, culture, and performance
The board of directors should:
Be independent of management
Have primary responsibility (fiduciary responsibility) for risk oversight
Understand the potential organizational biases in decision-making and challenge management to overcome them.
Business objective
(SMARt)
Specific
Measurable or observable
Attainable
Relevant
Authority delegated to________ to design and implement practices that support the achievement of strategy and business objectives.
management
When organizations assess the severity of risk, they should consider:
- Inherent risk - risk in the absence of any actions
- Target residual risk - the amount of risk the entity prefers to carry in pursuing strategy and business objectives, assuming management’s actions are taken
- Actual residual risk - the risk remaining after management’s actions are taken
Criteria for prioritizing risks:
Adaptability: capability of adapting & responding to risks
Complexity: scope and nature of risk to entity’s success
Velocity: speed of risks’ impact on entity
Persistence: time horizon of risks’ impact on entity.
Recovery: the entity’s capacity to return to within tolerance.
Risk response:
- Accept: No action is taken to change the severity of the risk. Acceptance is most appropriate as a risk response when the risk to strategy and business objectives is within the entity’s risk appetite.
- Avoid: Action is taken to remove the risk (leaving a line of business, etc.). Avoidance is appropriate when an entity cannot devise a risk response that will mitigate the risk to objectives.
- Pursue: Action is taken that accepts increased risk to achieve improved performance. Pursuit of risk is appropriate when management understands the nature and extent of any changes required to achieve desired performance while not exceeding the boundaries of acceptable tolerance.
- Reduce: Action is taken to reduce the severity of the risk. Management designs risk mitigation techniques to reduce risk to a level of severity aligned with the target risk profile and risk appetite.
- Share: Action is taken to reduce the severity of the risk by sharing a portion of it. Sharing risk through techniques such as outsourcing and insurance lowers residual risk in alignment with risk appetite.
ESG-Related Risks
Environmental Issues: ESG values include positive efforts contributing to environmental protection.
Social Issues: ESG values include positive efforts contributing to socially responsible behavior and outcomes.
Governance Issues: ESG values include positive efforts within an entity’s governance to produce sustainable outcomes.