Professional Documents
Culture Documents
HARVARD BUSINESS
SCHOOL PUBLISHING
This document is authorized for use only in Dr. Shyamsunder Chitta's Enterprise Risk Management 10.7.2020 at Symbiosis International University (SIU) from Oct 2020 to Apr 2021.
For a complete list of Harvard Business For reprint and subscription information For customized and quantity orders of reprints:
School Publishing newsletters: for Balanced Scorecard Report: Call 617-783-7626 Fax 617-783-7658
http://newsletters.harvardbusinessonline.org Call 800-988-0866 or 617-783-7500
For permission to copy or republish:
http://bsr.harvardbusinessonline.org
This document is authorized for use only in Dr. Shyamsunder Chitta's Enterprise Risk Management 10.7.2020 at Symbiosis
Call International
617-783-7587 University (SIU) from Oct 2020 to Apr 2021.
Aligning E nterprise R isk coverage to risks that relate to
S Y N E R G I E S
This document
4 is authorized for use only in Dr. Shyamsunder Chitta's Enterprise Risk Management 10.7.2020 at Symbiosis
Balanced International
Scorecard ReportUniversity (SIU) from Oct 2020
September–October to Apr 2021.
2005
Bank of Tokyo-Mitsubishi Aligns Risk Management with Strategy (continued)
keeping the organization strategy- tion’s risk tolerance and risk flow applies across organizational
focused. appetite. levels. Additionally, the BSC/
COSO-based double-feedback
Event Identification, Risk • Control Activities: Establishing
loop covers not only strategy-
Assessment, Risk Response, policies and procedures that
related information flows, but also
and Control Activities. These help an organization efficiently
those related to risk management.
four components comprise the and effectively carry out risk
This accelerates organizational
heart of risk management.4 responses.
learning and alignment between
• Event Identification: Identifying
An organization is ready to execute strategy and risk management.
the internal and external events
these processes for proactive
that affect an organization’s abil- Monitoring. Monitoring is
risk management once the four
ity to achieve its objectives. In typically conducted by two
types of COSO objectives have
the banking industry, risk is typ- parties: management and internal
been set. To make everyone more
ically classified into three cate- auditors. Management monitors
accountable for risk management
gories: market, credit, and oper- performance of the organizational
performance, an organization
ational. All organizational units units using the BSC. Internal
would simply add objectives
are responsible for identifying auditors, besides monitoring risk
requiring these steps in every
and managing operational risk, management within each organi-
unit’s BSC. This is the most
which includes legal and regu- zational unit, validate whether the
significant benefit BSC brings
latory compliance risk. The trea- entire architecture of the strategy-
to the COSO ERM model. For
sury function is responsible for risk linkage is working efficiently
example, by setting a bankwide
market risk. All lending-related and effectively.
objective of implementing control
areas are responsible
self-assessment in every unit’s A Pack age D eal for G overnance
for credit risk.
BSC, everyone is required to and G oal Achievement
• Risk Assessment: Developing go through these steps in the
scenarios and calculating the potential risk areas BTM faces. The COSO ERM model expands
likelihood, consequences, and the use of the BSC to cover the
Information and Communi- management of risks that might
potential costs (tangible and
cation. The COSO ERM model arise in the course of executing
intangible) of each potential risk
requires that relevant information strategy. Therefore, when they are
event. These scenarios are the
be communicated vertically and used properly together, manage-
basis on which the organization
horizontally within the organization ment enhances the potential for
determines how it should man-
to help people enact their risk achieving the organization’s goals
age risks.
management responsibilities. The and objectives. In addition, by
• Risk Response: Having in place BSC ensures that strategic infor- using BSC and the COSO ERM
a plan to address risks either by mation is cascaded down from model as a “package” rather than
avoiding, accepting, reducing, the top down. Also, as indicated separately, the organization
or sharing them. This involves in the third dimension of the achieves simplicity in governance
aligning risks with the organiza- COSO ERM cube, the information while minimizing confusion.
Although BTM’s linkage is unique,
Figure 2. BSC–COSO ERM Mapping Chart it should be applicable to any
organization that seeks to align
strategy and risk management.
Moreover, just as the BSC has
evolved over time, so we expect
the BSC–COSO ERM linkage to
do so at BTM. For the sake of the
wider application of this linkage
model, we expect, and hope, to
see further study of it by strategists
and risk managers. !
1
COSO stands for the Committee of
The elements of risk management defined by the COSO ERM model correspond to the three Sponsoring Organizations of the Treadway
strategy-related processes defined by the BSC and to the BSC’s feedback properties. Commission. It was established by five
This document
6 is authorized for use only in Dr. Shyamsunder Chitta's Enterprise Risk Management 10.7.2020 at Symbiosis
Balanced International
Scorecard ReportUniversity (SIU) from Oct 2020
September–October to Apr 2021.
2005