How to Build a Successful Enterprise Risk Management Program

- Determine your organization's risk appetite;
- Initiate an ERM program;
- Monitor, on an ongoing basis, the alignment of your strategy, risks, controls, compliance, incentives and people.
Enterprise risk management is not just a function of an organization. It's a culture that can be developed and enhanced. Each leader already plays a risk management role for their organization. ERM is the organization's umbrella effort of risk management, and it is three-dimensional because it:
Each function will identify and treat risks associated with its functional orientation. There is a benefit in synchronizing the risk types with their time character and the organization's decision frame to provide more holistic and integrated coverage.
And finally, risk management is a process, not a project. Thus, it should be customized to your organization's culture and risk appetite. Just like any process, it needs to continuously refine and re-evaluate its approaches, seek feedback, be supported by a common system solution, and celebrate successes along its journey.
A GRC program is designed to support a holistic view of governance, risk, compliance and business strategy execution to minimize redundancy while anticipating future circumstances and heading off any conflicts with meeting goals. GRC programs promote the timely, consistent and accurate capture and maintenance of all material issues arising during the course of business in an auditable system of record. GRC, like ERM, is three-dimensional, and is comprised of:
Together, ERM and GRC promote transparency, contingency, and risk appetite aspects of the corporate planning and strategy process by:
This webinar is available OnDemand.