A structured approach to Enterprise Risk Management ERM
Contents

Executive summary

Part 1: Risk, risk management and ISO 31000
1 Nature and impact of risk
2 Principles of risk management
3 Review of ISO 31000
4 Achieving the benefits of ERM

Part 2: Enterprise risk management
5 Planning and designing
6 Implementing and benchmarking
7 Measuring and monitoring
8 Learning and reporting

Appendix A: Risk management checklist
Appendix B: Implementation summary

List of figures
1 Risk architecture, strategy and protocols
2 Framework for managing risk based on ISO 31000
3 Risk management process based on ISO 31000
4 Risk architecture of a large PLC
5 Drivers of risk management

List of tables
1 Detailed risk description
2 Contents of risk management policy
3 Risk management responsibilities
4 Risk assessment techniques

AIRMIC, Alarm, IRM: 2010
Executive summary

Risk management is an increasingly important business driver and stakeholders have become much more concerned about risk. Risk may be a driver of strategic decisions, it may be a cause of uncertainty in the organisation or it may simply be embedded in the activities of the organisation. An enterprise-wide approach to risk management enables an organisation to consider the potential impact of all types of risks on all processes, activities, stakeholders, products and services. Implementing a comprehensive approach will result in an organisation benefiting from what is often referred to as the 'upside of risk'.

The global financial crisis in 2008 demonstrated the importance of adequate risk management. Since that time, new risk management standards have been published, including the international standard ISO 31000 'Risk management - Principles and guidelines'. This guide draws together these developments to provide a structured approach to implementing enterprise risk management (ERM).

Intended benefits of risk management

For all types of organisations, there is a need to understand the risks being taken when seeking to achieve objectives and attain the desired level of reward. Organisations need to understand the overall level of risk embedded within their processes and activities. It is important for organisations to recognise and prioritise significant risks and identify the weakest critical controls.

When setting out to improve risk management performance, the expected benefits of the risk management initiative should be established in advance. The outputs from successful risk management include compliance, assurance and enhanced decision-making. These outputs will provide benefits by way of improvements in the efficiency of operations, effectiveness of tactics, change projects and the efficacy of the strategy of the organisation.

Purpose of this guide

A successful enterprise risk management (ERM) initiative can affect the likelihood and consequences of risks materialising, as well as deliver benefits related to better informed strategic decisions, successful delivery of change and increased operational efficiency. Other benefits include reduced cost of capital, more accurate financial reporting, competitive advantage, improved perception of the organisation, better marketplace presence and, in the case of public service organisations, enhanced political and community support.

This guide provides a brief commentary on ISO 31000, as well as setting out advice on the implementation of an ERM initiative. The purpose of the guide is to:
- describe the principles and processes of risk management
- provide a brief overview of the requirements of ISO 31000
- give practical guidance on designing a suitable framework
- give practical advice on implementing enterprise risk management
This guide is the result of work by a team drawn from the main risk management organisations in the UK: the Association of Insurance and Risk Managers (AIRMIC), the public sector risk management association (Alarm) and the Institute of Risk Management (IRM). The guide is intended to be applicable to all types of organisations. Throughout the guide, the word 'Board' is used to signify the decision-making body within an organisation. In the public sector, this body may be referred to as the Council, Executive or Authority.

There are many opinions regarding what risk management involves, how it should be implemented and what it can achieve. International Organisation for Standardisation (ISO) standard 31000 was published in 2009 and seeks to answer these questions. This guide includes a brief commentary on ISO 31000, as well as providing further information on the successful implementation of risk management. Importantly, this guide recognises that risk has both an upside and a downside.

Risk management principles

Risk management is a process that is underpinned by a set of principles. Also, it needs to be supported by a structure that is appropriate to the organisation and its external environment or context. A successful risk management initiative should be proportionate to the level of risk in the organisation (as related to the size, nature and complexity of the organisation), aligned with other corporate activities, comprehensive in its scope, embedded into routine activities and dynamic by being responsive to changing circumstances.

This approach will enable a risk management initiative to deliver outputs, including compliance with applicable governance requirements, assurance to stakeholders regarding the management of risk and improved decision-making. The impact or benefits associated with these outputs include more efficient operations, effective tactics and efficacious strategy. These benefits need to be measurable and sustainable.

Appendix A provides a checklist of actions that should be completed in order to fully satisfy risk management requirements.

COSO ERM framework and ISO 31000

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) published an Enterprise Risk Management (ERM) standard in 2004. The COSO ERM cube is well known to risk management practitioners and it provides a framework for undertaking ERM. It has gained considerable influence because it is linked to the Sarbanes-Oxley requirements for companies listed in the United States. ISO 31000 was published in 2009 as an internationally agreed standard for the implementation of risk management principles.

This guide provides a structured approach to implementing risk management on an enterprise-wide basis that is compatible with both COSO ERM and ISO 31000. However, the guide places more emphasis on ISO 31000 because it is an international standard and many organisations have international operations. At the same time as publishing ISO 31000, ISO also produced Guide 73 'Risk management - Vocabulary - Guidelines for use in standards'.

Acknowledgements

Permission to reproduce extracts from ISO 31000 'Risk management - Code of practice' is granted by the BSI. British Standards can be obtained in PDF or hard copy formats from the BSI online shop (www.bsigroup.com/shop) or by contacting BSI Customer Services (for hard copies only): Tel: +44 (0)20 8996 9001, e-mail: cservices@bsigroup.com.

Figure 1, Figure 4, Table 2, Table 3 and Table 4 are reproduced with kind permission of Kogan Page Limited from 'Fundamentals of Risk Management' (2010), ISBN 978 0 7494 5942 0, www.koganpage.com.
Part 1: Risk, risk management and ISO 31000

Part 1 provides an overview of risk and risk management, with particular reference to ISO 31000. The terminology used to describe the steps in the risk management process is not consistent and this part reflects on these difficulties. A summary of the risk management requirements that should be in place in order to ensure good standards of risk governance is presented by way of a checklist in Appendix A.

1 Nature and impact of risk

Risks can impact an organisation in the short, medium and long term. These risks are related to operations, tactics and strategy, respectively. Strategy sets out the long-term aims of the organisation, and the strategic planning horizon for an organisation will typically be 3, 5 or more years. Tactics define how an organisation intends to achieve change. Therefore, tactical risks are typically associated with projects, mergers, acquisitions and product developments. Operations are the routine activities of the

Definition of risk

There are many definitions of risk and risk management. The definition set out in ISO Guide 73 is that risk is the 'effect of uncertainty on objectives'. In order to assist with the application of this definition, Guide 73 also states that an effect may be positive, negative or a deviation from the expected, and that risk is often described by an event, a change in circumstances or a consequence.

This definition links risks to objectives. Therefore, this definition of risk can most easily be applied when the objectives of the organisation are comprehensive and fully stated. Even when fully stated, the objectives themselves need to be challenged and the assumptions on which they are based should be tested as part of the risk management process.

Example: a new IT system

For example, consider the infrastructure of an organisation and the implementation of a new IT system. The choice of hardware and software are strategic decisions. If these choices are incorrect, the consequences will not be obvious for some time. The associated risks are strategic risks, and these risks will be taken with the intention of achieving benefits. Correct strategic decisions deliver benefits that result in achievement of the upside of risk.

The project to install the new hardware and software will be a change initiative that represents the tactics by which strategy will be implemented. Risks within the project need to be managed so that the project is delivered on time, within budget and to specification. Again, it is possible to achieve an upside in the execution of the project, whereby the project is delivered early and below budget. It is also possible that the IT hardware and software will deliver greater benefits than

Once the new hardware and software has been installed, the system will be vulnerable to operational risks, including computer breakdown, loss of data, virus attacks and operator errors. These operational risks may be very significant, and correct procedures will need to be designed and implemented to minimise potential disruption.