
LEARNING UNIT 2 – PART III

ENTERPRISE RISK MANAGEMENT (ERM)

LEARNING OUTCOMES:
After completing this learning unit, students should be able to:
• Explain Enterprise Risk Management.
• Identify and explain different ERM frameworks (e.g., COSO, ISO31000, COBALT).

LU2: Study Guide, Page 7 Copy Right Reserved © University of the Free State 2024 2
RISK MANAGEMENT PROCESS
• Steps in a detailed risk management framework:

STEP 1: Risk Identification

STEP 2: Risk Evaluation

STEP 3: Risk Response

STEP 4: Risk Strategy Implementation

STEP 5: Risk Monitoring

STEP 6: Risk Strategy Review

LU2: Study Guide, Page 13
ENTERPRISE RISK MANAGEMENT (ERM)
• Methodology that looks at risk management strategically from the
perspective of the entire firm or organisation.
• It is a top-down strategy that aims to identify, assess, and prepare for
(respond to) potential losses, dangers, hazards, and other potential for
harm that may interfere with an organisation's operations and objectives
and/or lead to losses (risks).
• Definition: ERM in business includes the methods and processes
organisations use to manage risks and seize opportunities related to
achieving their objectives.

LU2: Study Guide, Page 23
ENTERPRISE RISK MANAGEMENT (ERM) FRAMEWORKS
• Casualty Actuarial Society (CAS) framework
• COSO ERM Framework
• ISO31000 Frameworks

LU2: Study Guide, Page 24
COSO ERM FRAMEWORK
…a process, effected by an entity's board of directors, management, and
other personnel, applied in a strategy setting and across the enterprise,
designed to identify potential events (risks) that may affect the entity, and
manage risk to be within its risk appetite, to provide reasonable assurance
regarding the achievement of entity objectives.

LU2: Study Guide, Page 25 - 26
COSO ERM FRAMEWORK
Five (5) core objectives:
• Governance and Culture
  • Tone and responsibility
  • Ethical values, behaviours and understanding risks
• Strategy and objective setting
  • Establish risk appetite and risk tolerance levels
  • Align with business objectives
• Performance
  • Identifying, evaluating and responding to risks
  • Implementation of risk strategy
• Review and Revision
  • Assessing the effectiveness of strategies implemented
  • Making recommendations for improvement
• Information, communication and reporting
  • Sharing information on risk and risk management process
    within the business and with relevant stakeholders

LU2: Study Guide, Page 25 - 26
CASUALTY ACTUARIAL SOCIETY (CAS) FRAMEWORK
…as the discipline by which an organisation in any industry assesses,
controls, exploits, finances, and monitors risks from all sources to increase
the organisation's short- and long-term value to its stakeholders.

Establish context → Identify Risks → Analyse Risks → Integrating Risks → Prioritising Risks → Treating Risks → Monitor and Review

LU2: Study Guide, Page 26 - 27
ISO31000 FRAMEWORKS
• Family of standards - International Organisation for Standards (ISO)
• Purpose: to create an international standard for risk management
• Standard sets out:
  • Principles (Value Creation and Protection)
  • Risk Management Process (Risk identification, evaluation, and response)
  • Framework (Leadership and commitment)

LU2: Study Guide, Page 26 - 27
ANY QUESTIONS?
