Bayt.com

Start networking and exchanging professional insights

Register now or log in to join your professional community.

Follow

What are the steps of implementing Enterprise Risk Management to a big Company'

Risk Management Operational Risk Management
user-image
Question added by Diluka Weerasinghe , Corporate Internal Auditor , Abdulla A Al barrack & Co
Date Posted: 2013/06/13
Upvote (0) Views (7) Followers (0) Answers (3) Report Question
Write an Answer
Register now or log in to answer.
Abhishek Jajoo
by Abhishek Jajoo , Director , Epsilon Global Consulting

I think you should refer to the COSO framework proposed8 dimesions to be captures for implementing enterprise wide risk management.
But, in general, setting the risk appetite and developing policies & procedures for implementing the same is one most important step in any organisation.
This sets the tone at the top and once the mandate is finalized..the same can be communicated throughout the organisation..
For examples- your organisation has zero tolerance to operational risk..hence division heads shall be penalized through KRIs/ KPIs in their performance, if a fraud has happened...
The key to implementing ERM is the communication throughout the organisation...Moreover RCSA exercise is very important in the whole exercise...Hope the same suffice.

Deleted user

I think Jajoo makes some very good points.
Culture is very important and this can only come from the top.
So, the Board defining their risk appetite is a good place to start but of course before they can do that they need to know what risks their business is likely to be exposed to.
Usually they work with an external consultancy firm to develop a risk appetite statement within which there are several key risks they want to monitor which includes triggers, capacity and limits.
They will also help define the underlying risk measures which make up the aggregate risk appetite.
RCSA is very important and having in place appropriate governance, training and escalation routes is essential to make sure that people with authority and knowledge of how to manage the risk have visibility before the risk materialises.
Good risk management isn't something you do once a yearm it's on-going with constant revision and analysis of macro and idiosyncratic factors that may affect your business.
So, the simple answer is 'start at the top'.

Carsten Ulrich Durchholz
by Carsten Ulrich Durchholz , Owner , Carsten Durchholz Consulting

I agree with both answers above.
Winning minds and hearts of top Management is the key.
But I also recommend to put a strong Focus on communication throughout the Organisation.
Risk Management is not "natural" for everyone, so take the time to explain and teach.

Write Your Answer
More Questions Like This

Do you need help in adding the right keywords to your CV? Let our CV writing experts help you.

Get Help