Risk – It is the uncertainty of potential event or possible situation that might

affect the organization.

SARA – It is a risk strategy to avoid risk
• Risk Sharing: Insurance
• Risk Acceptance: It occurs when a company admits that the risk's
prospective loss is not significant enough to justify investing money
to mitigate it.
• Risk Reduction: Measures to reduce the frequency or severity of
losses.
• Risk Avoidance: Attempting to prevent problematic situations to
reduce liability exposures.
Management – process of planning and organizing resources in the
organization.
POLICE: Planning, Organizing, Leading, I . Controlling, Evaluating
Risk Management – It is a process of selecting and implementing security
countermeasures to achieve an acceptable level of risk at an acceptable
cost.

Enterprise – profit business started and run by an entrepreneur.

Enterprise Risk Management (ERM) – a strategy used to assess and prepare
for any potential hazards and disasters that might interfere with the
organization's objectives and production.
- Process of identifying and addressing methodically the potential
events that represent risks to the achievement of strategy objectives
or opportunities to gain.
- Make security countermeasures while thinking the whole business.
- Applied holistically
- Make a plan

Risk Oversight Committee

• Identify risk
• Assess risk
• Plan response strategy – accept, share, mitigate/reduce, avoid
• Monitor performance
• Implement mitigation strategy

Benefits of ERM
 • Greater awareness • Increased efficiency and
• Enhanced confidence effectiveness
• Improved compliance
Implementing ERM
• Define risk philosophy: Identify the risk and strategy around risk.
• Create actions plans: A “must”
• Be creative: Think broadly about the problems that a company
might face.
• Communicate priorities: Priorities should be communicated and
broadly understood.
• Assign responsibilities: Implementing specific employee should be
identified to carry out specific plans of the plan.
• Maintain flexibility: ERM should be designed to be adaptable.
• Leverage technology: ERM digital host, summarize and track many
of the risk.
• Continually monitor
• Use metrics: Develop a series
Specific, Measurable, Achievable, Realistic, Time-bound (SMART)

Advantage of ERM
1. Establish a standard that avoid risks.
2. Must be transparent regarding the discussing of risk.
3. Preserve the company’s’ assets.
4. Costumer service become better.
5. Unexpected errors will be lessened.
Note:
• In terms of number, it is the key performance indicators of the
company since it will project that the company is doing good.
• Liquidity Risk: Efficiency of conversion assets into cash.
- The chance of suffering losses is due to failing to make payments on
time when they are due or failing to do so at a manageable cost.
• Off-Balanced Risk: The risk is brought about by elements that do not
appear on an insurer's or reinsurer's balance sheet.

Crisis:
1. Natural Calamity 5. Product Failure
2. Man-Made 6. Labor Problems
3. Environmental Disasters 7. Community issues
(nuclear waste) 8. Adverse publicity
4. Life threatening criminal act 9. Regulatory Issues
 It is a term used in business to describe risk management methods that firms
use to identify and mitigate risks that can pose problems for the enterprise.
– Framework for managing organizational risk.
– Risk can be both Internal (equipment malfunctions) or External
(natural disasters.) Risk varies from one organization to another.
– The fundamental elements of ERM are the assessment of significant
risk and the implementation of suitable risk responses.
– It adds limited value in its immature state because it often leaves
management with a list of risks and little insight into what to do next.
– It may increase awareness with management, the board of
directors and others in its various forms. However, it will not
effectively drive decisions because it is not well integrated with the
enterprise’s decision-making processes.

Risk responses include:

• Acceptance or tolerance risk
• Avoidance or termination of risk
• Risk transfer or sharing via insurance
• Joint venture and other arrangements
• And; reduction or mitigation of risk via Internal control procedures or;
• Other risk prevention activities.

ERM concept:
• Risk philosophy or risk strategy
• Risk culture
• Risk appetite

These are expressions of the attitude to risk in the organization and the amount of risk
the organization is willing to take. These are essential elements of governance
responsibility.

Management responsibilities include:

• Architecture risk or Infrastructure
• Documentation of procedures or risk management protocols
• Training
• Monitoring
• Reporting on risk and risk management activities.

• Improved business performance

• Increased organizational effectiveness
• Better risk reporting
Provides enhance capability to:
1. Align risk appetite and strategy: Risk appetite is the degree of risk on a
broad-based level that a business is willing to accept in pursuit of its
objective.
– Management considers the business’s risk appetite first in
evaluating strategic alternatives and setting boundaries for
downside risk.
2. Minimize operational surprise and losses: Business have enhanced capability
to identify potential risk events, asses risks and establish response, thereby
reducing the occurrence of unpleasant surprise and associated costs or
losses.
3. Enhance risk response decisions: ERM provides the rigour to identify and
select alternative risk responses including risk avoidance, reduction, transfer,
and acceptance.
4. Resources: A clear understanding of the risks facing a business can enhance
direction and use of management time and the business to manage risk.
5. Identify and manage cross enterprise risks: Every business faces several risks
that affect different parts of the organization. The benefits of EMR are only
optimized when an enterprise wide approach is adopted integrating the
desperate approached to risk management within a company.
Integration can be affected in 3 ways:
1. Centralized risk reporting
2. Integration of risk transfer strategies
3. The integration of risk management into the business process of a business.
Rather than being purely a defensive mechanism, it can be used as a tool to
maximize opportunities.

6. Link growth, risk, and return: Business accept risk as a part of wealth creation
an preservation, and they expect return commensurate with risk.
– ERM provides an enhanced ability to identify and assess risk and
establish acceptable levels of risk relative to potential growth and
achievement of objectives.
7. Rationalize capital: More robust information on risk exposure allows
management to assess overall capital needs more effectively and improve
capital allocation.
8. Maximize opportunities: The very process to identifying risk can stimulate
thinking and generate opportunities and threats.
– Responses need to be developed to seize these opportunities in
the same way that responses are required to address identified
threats to a business.
 1. Corporate Governance – required ensuring that the boards of directors and
management have established the appropriate organizational processes
and corporate control to measure and managing risk across the business.
– Examination for recent developments in corporate governance
reveals that they form catalysts for and contribute to the current
pressures on ERM.
– It explains the expectations that shareholders have of boards of
directors as well as the approached companies have adopted to
risk management and the extent of disclosure of risk management
practice.
– Corporate governance forms an essential component of enterprise
risk management because it provides top-down monitoring and
management.
– It places responsibility on the board for ensuring that appropriate
systems and policies for risk management are in place.
2. Internal control – provides an understanding of what should be controlled
and how internal controls are a subset of corporate governance and risk
management is a subset of internal controls.
Risk management aims to:
• Facilitate the effective and efficient operation of a business
• Improve internal and external reporting
• Assist with compliance with laws and regulation
The aim is to accomplish this by identifying and assessing risk facing the business and
responding to them to either remove or reduce them or— where appropriate, transfer
them to a third party where it is economical to do so.
3. Implementation
4. Risk management process – should articulate processes, inputs, outputs,
constraints and enablers.
– Exploring the mechanism for implementing a risk management
process is to break down into its parts and examine what each part
should contribute to the whole.
Risk management process involves:
• Analysis
• Identification
• Assessment
• Evaluation
• Treatment of risk
– As new risks are identified, the earlier identification and assessment
process should be reviewed, and the sequential process is
repeated to implement risk response actions.
5. Source of risk - Risk management process is worthless without a clear
understanding of the source of risk and how they should be managed.
The framework breaks the source of risk down into two key elements:
1. Internal processes (Within a business— relating to its actions)
2. Business operating environment
Risk emanating from these two sources can be used to develop a traditional; PEST
analysis, an abbreviation for the external influences call political, economic, social
and technological.

An ERM strategy can provide answers to three basic questions:

1. Should we do it (aligned with business strategy, risk appetite, culture, values,
and ethics)?
2. Can we do it (people, processes, structure, and technology capabilities)?
3. Did we do it (assessment of expected results, continuous learning, and a
robust system of checks and balances)?

➢ The ERM framework is essential regardless of the institutions; size or how it wished
to categorize its risks.
➢ ERM framework will assist companies’ management and boards of directors risks
of their organizations effectively.
➢ ERM framework will help management and boards of directors answer the
following critical business questions:
1. What are the business strategy and associated risk (coverage)?
2. How much risk are we willing to take (risk appetite)?
3. How do we govern-risk taking (culture, governance, and policies)?
4. How do we capture the information we need to manage these risks (risk
data and infrastructure)?
5. How do we control the risk (control governance)?
6. How do we know the size of the various risks (measurement and
evaluation)?
7. What are we doing about these risk (response)?
8. What possible scenarios could hurt us, how are various risks interrelated
(stress testing)?
These eight questions are aimed at integrating key competencies’ into an
organizations’ ERM.