Record Detail Back
Enterprising Views of Risk Management
- Share to:
ENTERPRISE RISK MANAGEMENT (ERM) IS A STRATEGY organizations can
use to manage the variety of strategic, market, credit, operational and financial risks
they confront. ERM calls for high-level oversight of risks on a portfolio basis, rather
than discrete management by different risk overseers.
ERM HAS GIVEN RISE TO A QUESTION: Who should head the risk management
process—internal audit or a chief risk officer? Some believe internal audit should take
a back seat to preserve the checks and balances the audit function provides. Others
say risk leadership should depend on what a company is comfortable with.
USING ERM ENABLES AN ENTITY TO ASSESS risk across the enterprise instead
of looking at it on a per-project basis. It also gives the company a means to assess the
controls in place to handle each risk and identify any gaps. This consistent approach
also offers businesses an opportunity to determine authority and responsibility and
allocate resources appropriately.
TO EXTRACT RISK DATA, MANY ORGANIZATIONS use business intelligence
software. Many packages feature “traffic-light” systems that show a red light if risk
exceeds acceptable levels. The chief risk officer then can “drill down” to see the
reasons and make more informed decisions.
OVERALL RESPONSIBILITY FOR ENTERPRISE RISK is changing because of
new standards from the Institute of Internal Auditors. They require the internal audit
function in a company to monitor and evaluate the effectiveness of the organization’s
risk management and control systems.