
Enterprise Risk Management

The document outlines the framework of Enterprise Risk Management (ERM), emphasizing its importance in aligning risk management strategies with business objectives. Key components include internal environment, objective setting, risk assessment, risk response, and control activities. It also discusses the role of the Chief Risk Officer and the evolution of ERM from a low-level function to a strategic business role.

Uploaded by

RHEA FAJARDO
Copyright © All Rights Reserved

GROUP 3 | THE WONDER PETS & THE DREAMERS

ACC 325-8644

Enterprise Risk Management
Presentation - 2025

What is risk?

What is risk management?

Why is risk management important?


Leaves – Budgeting and Resource Allocation (COSO: Review & Revision)

Trunk – Enterprise Risk Management (ERM) (COSO: Strategy & Objective-Setting)

Roots – Risk Culture and Governance (COSO: Governance & Culture)


Internal Environment

Internal Environment is the foundation of how a company manages risks. It shapes the way employees and leaders think about and respond to risks.


ERM internal foundation component

Risk Management Philosophy
Risk Appetite
Board of Directors' Attitudes
Integrity and Ethical Values
Commitment to Competence
Organizational Structure
Assignments of Authority and Responsibility
Human Resource Standards


Objective Setting
It outlines some necessary preconditions that must be established before management can establish an effective enterprise risk management process.


Event Identification
External Economic Events
Natural Environmental Events
Political Events
Social Factors
Internal Infrastructure Events
Internal Process-related Events
External and Internal Technological Events


Risk Assessment

Inherent Risk

It is the “potential for waste, loss, unauthorized use, or misappropriation due to the nature of an activity itself.”


Risk Response
Determine how to respond to the various identified risks. These risk responses can be handled following any of these four basic approaches:

1. Avoidance – this is a strategy of walking away from the risk, such as selling a business unit that gives rise to the risk, exiting from a geographic area of concern, or dropping a product line.

2. Reduction – product line diversification may reduce the risk of too strong a reliance on one key product line.

3. Sharing – for example, in financial transactions, an enterprise can engage in hedging operations to protect against possible price fluctuations.

4. Acceptance – the strategy is not to act on it.


Control Activities
The rules and procedures that a company follows to make sure risks are properly managed. Once a company decides how to handle a risk, it needs to have steps in place to ensure those actions actually happen in the right way and at the right time.


SOx vs. COSO ERM

COSO ERM (Enterprise Risk Management)
A framework that helps companies manage risks in all areas, not just financial. Unlike SOx, there are no legal requirements for companies to follow.

SOx (Sarbanes-Oxley Act)
U.S. law that requires companies to prove to external auditors that they have strong internal controls over financial reporting.


Types of Control Activities in COSO ERM:
Top-Level Reviews
Direct Functional or Activity Management
Information Processing
Physical Controls
Performance Indicators
Segregation of Duties


Monitoring
Ensuring the effectiveness of an installed ERM (Enterprise Risk Management) through ongoing and continuous monitoring.

Key Monitoring Tools:

Process Flowcharting
Illustrates prepared documentation for a process.
Ensures documentation is accurate under given conditions.
Updates identify if risks still apply and have been addressed.

Reviews of Risk and Control Materials
ERM process generates large amounts of guidance materials.
Requires periodic review to ensure effectiveness.

Benchmarking
Compares other enterprises' ERM functions.
Assesses best practices for improvement.

Questionnaires
Sent to stakeholders to gather insights.
Useful for geographically dispersed respondents.

Facilitated Sessions
Gathers valuable insights through focus group discussions.
Led by a skilled facilitator.


Implementing ERM in the Enterprise

ERM has evolved from a low-level function to a strategic business role.
Previously focused on insurance and loss prevention.
Now led by a Chief Risk Officer (CRO) for better risk understanding.
Helps align risks with business objectives and decision-making.


Roles and Responsibilities of ERM Function

ERM now covers regulations, finance, globalization, intellectual capital, and IT.

Public Corporations: ERM should be a senior-level unit overseeing the entire enterprise.

Large Enterprises: May have multiple risk units, but all must report to a central CRO-led risk function.


Chief Risk Officer (CRO) Responsibilities

The Chief Risk Officer (CRO) oversees and monitors enterprise-wide risk management.

Responsibilities include:
Assessing Risk;
Implementing Corrective Actions; and
Communicating Risks across the company


Enterprise Risk Management vs Internal Audit


Risk Management Policies, Standards, and Strategies

Building a Risk-Awareness Culture
“tone at the top”

Creating the Enterprise-Wide Risk Management Organization
build an effective ERM function or group to support the CRO

Enterprise Risk Management Policies and Standards
a series of risk management policies and standards should be developed and communicated throughout the enterprise


Risk Management Reviews and Corrective Action Policies

ERM group
identify significant areas in the enterprise with high levels of likelihood of occurrence
review the risk area and make some recommendations to lessen the risk and improve surrounding internal controls
major responsibility: to create the risk management review reports

ACTIVITY: Jiggle Jam: Move to the Beat!
QUESTION (5PTS):

How does the Enterprise Risk Management (ERM) framework help organizations align their risk management strategies with their overall business objectives, and what are the key components that contribute to its effectiveness?
