Enterprise Risk Management: Guidance for Practical Implementation and Assessment

AICPA

ISBN: 978-1-941-65108-7

Feb 2018

64 pages

$85.00

Description

This new publication includes invaluable guidance for anyone responsible for, or advising on, an enterprise risk management (ERM) process, whether that process is in its early stages or is already well established. This resource will help you ensure the ERM process is well designed, well executed, and ultimately successful.

Global, economic, and regulatory conditions as well as everyday internal risks can affect business operations, so it’s important to have a process in place that identifies these events and manages risks. This guide leverages the concepts of existing frameworks as a foundation for providing illustrative examples, best practices, and guidance for implementing or assessing an enterprise risk management process.

Recognition iii

1 Overview of the Enterprise Risk Management Guide  1

I. Introduction  1

II. Who Should Use this Guide 1

III. Conceptual Basis  2

2 ERM Concepts and Components  3

I. What does ERM Encompass? 3

Events, Opportunities and Risks 3

The Importance of Taking an Enterprise View  3

Risk Appetite, Risk Tolerance, and Risk Attitude 4

II. Components of Enterprise Risk Management 4

1.0 Internal Environment 5

2.0 Objective Setting 5

3.0 Event Identification  6

4.0 Risk Assessment  8

5.0 Risk Response 11

6.0 Control Activities 12

7.0 Information and Communication 13

8.0 Monitoring 13

III. ERM Roles and Responsibilities 14

Entity Roles 14

Board or Equivalent Roles  14

Entity Management  14

Internal Auditors  15

The Role of External Parties in the ERM Process 15

3 ERM Program Development 17

I. Mobilize  17

Establishing Appropriate Sponsorship 18

Project Governance  18

Planning and Launch 18

Timeline 19

II. Current State Analysis 19

Current State Considerations  19

Gather Documentation  20

Timeline 20

III. Future State Operating Model Design 20

Peer and Industry Analysis 21

Develop a Target ERM Operating Model and Framework 21

Develop the ERM Risk Appetite and Risk Tolerances  21

Link Current ERM Activities to the ERM Program Plan 23

Documenting ERM Policies  23

ERM Program Scalability and Related Considerations 23

ERM Program Technology Considerations 23

Timeline 24

IV. Gap Analysis  24

Preliminary Observations  24

Recommendations 24

Timeline 24

V. Implementation 25

Develop Implementation Roadmap 25

Project Planning  25

Communication and Training  25

Design Program Performance Metrics 26

Changes to the Implementation Plan  26

Timeline 27

4 ERM Program Maturity Monitoring and Evaluation 29

I. ERM Program Evaluation 29

Approach to an ERM Program Evaluation  30

II. Keeping Up with Change 30

III. Understanding Continuous Improvement 31

IV. Commitment to Continuous Improvement 32

Glossary of Terms 33

Appendix Page

A COSO and ISO 31000 Framework Mapping  35

B Example ERM Program Maturity Self-Assessment  45

C References  53