Step 2: Select a Strong Leader to Drive the Enterprise Risk Management Initiative
Finding a leader to head the initial Enterprise Risk Management project is also critical for success. The BOD should identify a leader with the right attributes to head the Enterprise Risk Management effort. This person does not need to be a “CRO” (Chief Risk Officer).
Step 1: Seek Board of Directors (BOD) and Senior Management Leadership, Involvement and Oversight
The BOD and senior management set the tone for the organization’s risk culture. Their involvement, leadership and oversight are essential for the success of any Enterprise Risk Management effort. The BOD and senior management should agree on their initial objectives regarding Enterprise Risk Management, its benefits and their expectations for successful Enterprise Risk Management.
Initial Actions toward ISO 31000 success
Building off the theme of “Keys to Success,” above, we need to plan the initial actions and steps to support the development of a tailored Enterprise Risk Management initiative. The plan reflects some simple, basic steps for implementing Enterprise Risk Management, including the key step of performing an initial risk assessment.
Key to ISO 31000 Success – Theme 7: Provide Ongoing Enterprise Risk Management Updates and Continuing Education for Directors and Senior Management
Enterprise Risk Management practices, processes and information continue to evolve. Thus, it is important for directors and senior executives to ensure that they are receiving appropriate updates, new releases and continuing education on Enterprise Risk Management, including information about regulatory requirements and best practices.
Key to ISO 31000 Success – Theme 6: Embed Enterprise Risk Management into the Business Fabric of the Organization
Enterprise Risk Management is a management process that is ultimately owned by the board of directors and involves people at every level of the organization. The comprehensive nature of the Enterprise Risk Management process and its pervasiveness across the organization and its people provide the basis for its effectiveness.
Key to ISO 31000 Success – Theme 5: Build on Existing Risk Management Activities
Any organization with current operations has some form of risk management activities or risk-related activities already in place. These might include activities such as risk assessments performed by the internal audit, insurance or compliance functions, fraud prevention or detection measures, or certain credit or treasury activities.
Key to ISO 31000 Success – Theme 4: Leverage Existing Resources
Another possible barrier to initiating an Enterprise Risk Management process may be the view that significant resources, including investments or outside expertise, are needed to undertake an Enterprise Risk Management project. For example, some directors or senior executives might think that they would need to hire an experienced Chief Risk Officer or make significant investments in new technologies or automated tools.
Key to ISO 31000 Success – Theme 3: Focus Initially on a Small Number of Top Risks
For an organization just starting out with Enterprise Risk Management, it might make sense to first identify a small number of critical risks that can be managed, and then evolve from this starting point. For some organizations, such an approach might mean keeping the initial Enterprise Risk Management focus on only those strategic risks that are deemed critical to the organization achieving its strategic business objectives.
Key to ISO 31000 Success – Theme 2: Build Enterprise Risk Management Using Incremental Steps
One perceived barrier to launching Enterprise Risk Management is the perception that Enterprise Risk Management is overly complex and requires a major and costly effort to implement. Related to this perception is the belief that an organization must implement all of the components of Enterprise Risk Management in one single effort for it to work and bring any tangible value to the organization. Experience suggests otherwise.
Key to ISO 31000 Success – Theme 1: Support from the Top is a Necessity
To successfully manage risk, an Enterprise Risk Management initiative must be enterprise-wide and viewed as an important and strategic effort. Support from the company board is needed to get the right focus, resources and attention for Enterprise Risk Management.