Step 7: Develop the Next Phase of Action Plans & Ongoing Communications
Step 7: Develop the Next Phase of Action Plans & Ongoing Communications The implementation of Enterprise Risk Management is an evolutionary process that takes time to develop. In the spirit of continual improvement, once the initial Enterprise Risk Management action plan has been completed, the working group or risk leader should conduct a critical assessment of the accomplishments to date and develop a series of action plans for the next stage of implementation.
Read moreStep 6: Develop Your Initial Risk Reporting
Step 6: Develop Your Initial Risk Reporting The organization next needs to develop its initial approach to risk reporting including its communication processes, target audiences, and reporting formats. Organizations should start by keeping things simple, clear and concise. Make it a point, however, that regardless of what specific reporting format employed, the reporting must reflect clearly the relative importance or significance of each risk.
Read moreStep 5: Inventory the Existing Risk Management Practices
Step 5: Inventory the Existing Risk Management Practices During the risk assessment process, the organization should also be taking an inventory of its current risk management practices to determine areas of strength to build upon and areas of weakness to address. This inventory becomes valuable information for management to assist in enhancing the risk management processes.
Read moreStep 4: Conduct the Initial Enterprise-wide Risk Assessment & Develop an Action Plan
Step 4: Conduct the Initial Enterprise-wide Risk Assessment & Develop an Action Plan In many ways, this step is the heart of the initial Enterprise Risk Management process. The focus here is to gain an understanding of and agreement on the organization’s top risks and how they are managed. The assessment is a top-down look at the risks that could potentially be most significant to the organization and its ability to achieve its business objectives. While any organization faces many risks, the starting point is to get a manageable list of what are collectively seen as the most significant risks. Here, members of the risk committee or working group can be most helpful by sharing their views or identifying people in the organization who should be involved in the risk assessment.
Read moreStep 3: Establish a Management Risk Committee or Working Group
Step 3: Establish a Management Risk Committee or Working Group To provide strong backing for its Enterprise Risk Management effort, an organization should consider creating a senior-level Risk Management Committee or Working Group as the vehicle through which the designated risk leader can implement the Enterprise Risk Management initiative.
Read moreStep 2: Select a Strong Leader to Drive the Enterprise Risk Management Initiative
Step 2: Select a Strong Leader to Drive the Enterprise Risk Management Finding a leader to head the initial Enterprise Risk Management project is also critical for success. BOD should identify a leader with the right attributes to head the Enterprise Risk Management effort. This person does not need to be a “CRO” (Chief Risk Officer).
Read moreStep 1: Seek Board of Directors (BOD) and Senior Management leadership, Involvement and Oversight
Step 1: Seek Board of Directors (BOD) and Senior Management leadership, Involvement and Oversight The BOD and senior management set the tone for the organization’s risk culture. Their involvement, leadership and oversight are essential for the success of any Enterprise Risk Management effort. The BOD and senior management should agree on their initial objectives regarding Enterprise Risk Management, its benefits and their expectations for successful Enterprise Risk Management.
Read more