Training

How to Build a Successful Enterprise Risk Management Program

Presented by SAS Institute     60 Minutes    
How to Build a Successful Enterprise Risk Management Program
An enterprise risk management (ERM) program is more than a collection of organizational functions. ERM integrates all risk efforts under one set of common definitions, process framework, and system solutions. Join a banking/security leader to hear how she developed and grew her institution's ERM program, including how to:
  • Determine your organization's risk appetite;
  • Initiate an ERM program;
  • Monitor on an ongoing basis your alignment of strategy, risks, controls, compliance, incentives and people

Background

Enterprise risk management is not just a function of an organization. It's a culture that can be developed and enhanced. Each leader already plays a risk management role for its organization. ERM is the organization's umbrella effort of risk management, and it is three dimensional because it:

  • Integrates all risk efforts under one set of common definitions, process framework, and system solutions;
  • Brings together the different types of risks, the time spectrum and the organization's decision frame;
  • Is a continuous process and evolves and matures with the organization.

A common set of definitions, process framework and system solutions allows the ERM team to bring all risk management efforts together to: (1) set the appropriate risk tolerance levels for the organization and each functions (2) bring transparency on risk management efforts and resource allocations (3) create synergy in risk management efforts and renders more effectiveness.

Each function will identify and treat risks associated with its functional orientation. There is a benefit in synchronizing the risk types, with its time character and the organization's decision frame to provide a more holistic and integrated coverage.

And finally, risk management is a process, not a project. Thus, should be customized to your organization's culture and risk appetite. Just like any process, it needs to continuously refine and revaluate its approaches, seek feedback, be supported by a common system solution, and celebrate successes along its journey.

A GRC program is designed to support a holistic view of governance, risk, compliance and business strategy execution to minimize redundancy while anticipating future circumstances and heading off any conflicts to meeting goals. GRC programs promote the timely, consistent and accurate capture and maintenance of all material issues, arising during the course of business, in an auditable system of record. GRC, like ERM, is three dimensional, and is comprised of:

  • Performance management, which addresses reliable achievement of objectives through effective management of business processes that are visibly and objectively measured
  • Risk management, which addresses managing the uncertainty associated with the pursuit of objectives
  • Compliance, which addresses voluntary promises that must be kept and laws and regulations that must be obeyed as objective are pursued

Together, ERM and GRC promote transparency, contingency, and risk appetite aspects of the corporate planning and strategy process by:

  • Addressing considerations that fall beyond the boundaries of business/economic scenarios;
  • Substantiating, or eliminating, any contingencies;
  • Helping to accurately shape objectives to ensure the Board-directed risk return trade-offs are reflected.

Webinar Registration

This webinar is available OnDemand.

View Now


Around the Network

Privacy: How Technology Is Outpacing Regulation
Privacy: How Technology Is Outpacing Regulation
Analysis: Twitter's Phone Number Repurposing 'Mistake'
Analysis: Twitter's Phone Number Repurposing 'Mistake'
Application Security: Why Open Source Components Matter
Application Security: Why Open Source Components Matter
Analysis: New ISO Privacy Standard
Analysis: New ISO Privacy Standard
Complying With New York's SHIELD Act
Complying With New York's SHIELD Act
Making the Case for National Unique Patient ID
Making the Case for National Unique Patient ID
Stung by Takedowns, Criminals Tap Distributed Dark Markets
Stung by Takedowns, Criminals Tap Distributed Dark Markets
A "Reasonable" Response to Cyber Incidents
A "Reasonable" Response to Cyber Incidents
The Unspoken Insider Threat
The Unspoken Insider Threat
How Has FTC Data Security Enforcement Changed?
How Has FTC Data Security Enforcement Changed?

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.co.uk, you agree to our use of cookies.