
Enterprise Risk Management

Enterprise Risk Management is a business strategy that identifies and prepares for hazards that may interfere with a company's operations and objectives.
Enterprise Risk Management
• ERM forms an important element of organizational management and provisioning of consolidated services.
• The effective deployment of resources performs a rollup of risks into a holistic view.
• Monitoring and testing provide transparency into the operational ‘state of readiness’ at most process points to effectively manage organizational efficiency.
Integrated Framework
ERM Policies
Present a holistic method of managing both operational
and strategic risks across the organization.
The strategic plan for Enterprise Risk Management
includes four strategic initiatives for all areas:
1. Mitigation
2. Preparedness
3. Emergency Response
4. Resumption & Business Recovery
Management Activities
• Create high-level risk strategy (policy) aligned
with strategic business objectives
• Create a risk management organization structure
and ensure clear reporting lines
• Develop/assign responsibilities for risk
management
• Communicate vision, strategy, policy,
responsibilities and reporting lines to all
employees across organization
Embed Risk Activities into ongoing
Business Processes
• Align and integrate risk management
activities within all processes
• Embed real-time controls related to risk
into digital systems as appropriate
• Develop continuous improvement
processes related to risk
Measure & Monitor
• Identify key performance indicators and
critical success factors related to risk
• Establish success measures for risk
strategy/activities
• Provide a periodic process for measuring
risk/return
• Identify and implement monitoring processes
and methods of feedback
Enterprise Risk Management is meant to have a broad meaning as an all-encompassing term to describe an integrated and enterprise-wide comprehensive process that includes: 1) emergency response; 2) resumption; 3) recovery; and 4) restoration.

Accident prevention | Business Impact Analysis | Business Recovery | Business Resumption Planning | Command Centers | ERM Perspective
Contingency Planning | Crisis Communication | Crisis Management | Disaster Recovery | Emergency Management & Response | Strategic Risk
Exercising & Training | Information Security | Mitigation Planning | Risk Control | Risk Financing & Insurance | Operational Risk
Safety & Security | Risk Management | EHS | Police | BAIT | Reputation Risk
Event Management | Computer Security | Business Continuity | Regulatory Compliance | Safety & Security Council | Regulatory or Contractual Risk
Fire Protection | Student Housing | Academic Administration | Operations | Risk Mgmt Adhoc Committee | Financial Risk
Framework for Effective Control
• Control your environment
• Control your risk
• Control your activities
• Control your information and communication
• Monitor and review your control


Perceptions in
Today’s Risk Environment
Risk profiles are increasing
• Regulatory/public scrutiny
• Expanding services increases risks
• Business change increases risk complexity
Risk management not keeping pace
• Need for right kind of risk training
• Need for risk assessment methodologies/technology
tools
• Stakeholders have different risk needs
• Inconsistent risk language used

Current issues in ERM
• Executives struggle with business pressures
that may be partly or completely beyond
their immediate control, such as distressed
financial markets; mergers, acquisitions
and restructurings; disruptive
technology change; geopolitical
instabilities; and the rising price of energy.
