Enterprise Risk Management and Risk Assessment Resources
risk management (ERM) is an integrated, forward-looking and
process-orientated approach to managing all key business risks and
opportunities - not just financial ones - with the intent of maximizing
value for the enterprise as a whole. KnowledgeLeader provides policies,
tools, articles, and other resources to help you:
• Understand enterprise risk management
• Develop risk management and risk assessment checklists, policies, and procedures;
• Understand current risks;
• Discover best practices to mitigate risk;
• Reduce business risk in all areas.
Articles from thought leaders share techniques and approaches, providing ideas, best practices, and actionable advice. Select one of the areas below to view a sample of the risk management and risk assessment information available on KnowledgeLeader. We have also provided summaries of other risk related articles and tools that are available with a free trial or subscription.
Below you will find just a few examples of the
KnowledgeLeader materials focused on Enterprise Risk Management:
• External Resources
Data Backup Policy
This policy is intended to provide a standardized means of backing-up and maintaining computer files within an organization. The backup and maintenance of files is critical to the viability and operations of a company, and it is essential that certain basic standard practices be followed to ensure that data files are backed up on a regular basis.
E-Business risks - Compliance
Compliance risk can result in failure to conform with laws and regulations that apply to a business process at the international, country, state and local level. This e-business white paper describes regulatory and other business risks related to compliance. Management best practices and performance measures are suggested. The article includes a list of questions that audit committees can ask to learn about compliance risks.
Enterprise Business Risk Management Process - Overview Framework
Enterprise business risk management is illustrated broadly in this framework. It is a continuous process of establishing risk management objectives, assessing risks within the context of established tolerances, developing strategies and implementing risk management processes, and monitoring and reporting upon those processes.
Enterprise Risk Management Interview Questionnaire
The ultimate goal of Enterprise Risk Management (ERM) is to evaluate total returns relative to total risks, leading to more informed business decisions. This questionnaire can be used when assessing an organization's enterprise risk management strategy. It focuses on the internal environment, objective setting, event identification, risk assessment, risk response, control activities, and information and communication.
Enterprise Risk Management Project Plan - Sample
Enterprise Risk Management (ERM) requires clear risk management goals and objectives, linked to business objectives and strategies. This document is a sample project plan utilized during the planning phase of implementing ERM across an organization. The project plan supports a phased implementation approach detailing tasks, deliverables, and a project timeline.
Fraud Prevention and Detection Audit Work Program
This program can be used by internal auditors as an evaluation tool or converted into a questionnaire for use with management to better understand current fraud prevention and detection program activities.
Human Resources Risk Management Presentation
This short guide helps define human resources risk, and identify the major HR processes and sub-processes where risks occur.
Job Description: Chief Risk Officer - Sample 3
This job description example provides requirements for the position of Chief Risk Officer.
Risk Assessment Survey Template - Sample
The goal of Enterprise Risk Management is to identify, evaluate and manage key risks impacting an organization's ability to achieve its objectives and strategies. This document provides a template to inventory and assess critical risk areas (business functions) and the associated risks embedded within each area. The results can be used to help develop an Internal Audit Plan. The results may also be included in the Risk Assessment Report provided to the Audit Committee.
Record Retention Questionnaire
Either premature destruction or loss of records or failure to destroy obsolete records can cause serious problems. This questionnaire helps to assure that records are retained in compliance with any regulatory requirements, and with company policy.
Risk Management Oversight Committee Charter
The purpose of the Risk Management Oversight Committee is to monitor the organization's risk environment and provide direction for the activities to mitigate, to an acceptable level, the risks that may adversely affect the company's ability to achieve its goals. This charter serves as an example document outlining this committee's various responsibilities.
Using Risk Management Frameworks
This presentation defines and describes various types of internal controls. Then it reviews control frameworks including COSO, COSO ERM, and COBIT. Finally, it describes the elements and implementation of an enterprise risk management solution.
The Combined Code of Corporate Governance (Turnbull Report) - UK
The Combined Code of Corporate Governance challenged directors of listed companies to raise their game on business risk management. To help companies respond, in 1999 the Institute of Chartered Accountants of England and Wales's (ICAEW) Internal Control Working Party chaired by Nigel Turnbull, published Internal Control: Guidance for Directors on the Combined Code ("the Turnbull report"). The Turnbull guidance was updated on October 2005.
Assimilating Governance into your ERM Process
In an increasingly risky world, the discipline of risk management is moving steadily beyond the tactical level as organizations take a fresh look at enterprise risk management (ERM) and explore how best to assimilate governance into their ERM process. Integrating governance and ERM is not a new idea. The two processes have long been intertwined conceptually. Since integration is so vital to the success of ERM, this article focuses on assimilating governance into the ERM process.
Challenges and Benefits of Operational Risk Indicators
Many financial institutions have tried to implement operational risk indicators, but with generally limited success. In many cases the implementations were too ambitious and did not allow sufficiently for the cultural and management philosophy change that is required. As described by David Farmer in this article, successfully implementing operational risk indicators is a long-term journey.
Control, Compliance and Risk Management at Duke University
Duke University was founded in 1924 when the Duke family of Durham, North Carolina provided a substantial endowment to Trinity College. In this profile, Mike Somich, Duke University's executive director of internal audit, discusses the importance of recruiting auditors with a variety of audit skills to cover the three groups he oversees - the University, Duke University Health System (including the School of Medicine) and information technology. His audit team is responsible for three auditing components at Duke - controls, compliance and risk.
Does Your Project Risk Management System Do The Job?
Managing risk is key to the successful and on-time completion of any project. Asking the right questions at the right time is important. Walkthroughs should be performed to observe key risk management components. Based on the tasks at hand in the project, appropriate personnel must be assigned, both at the project manager and project task levels. This article includes a list of common project risks and a description of quick responses to those risks.
Enterprise Risk Management in Practice - Profiles of Companies Building Effective ERM Programs
With the increased interest in enterprise risk management (ERM), it made sense to compile examples of how different companies in the United States, Europe and Japan are improving their risk management capabilities. In this publication, 11 companies are profiled discussing the common theme of how ERM is integrated into their operations. In producing the various profiles for this publication, several common themes emerged that demonstrate why and how companies across multiple industries are improving their risk management capabilities. Each of these profiles are published as stand-alone publications in the Performer Profiles area on KnowledgeLeader.
Enterprise Risk Management - Risk Intelligence and Anti-Fraud Controls
In today's environment of intense scrutiny by regulators and stakeholders, investment in risk management is more important than ever. At Foley's sixth annual National Directors Institute on March 8, 2007 in Chicago, Illinois, the topic of enterprise risk management's (ERM) relationship with risk intelligence and anti-fraud controls was the focus of a dedicated session. This discussion included case studies where companies incorporated ERM into their day-to-day operations.
Guide to Enterprise Risk Management: Frequently Asked Questions
In today's challenging global economy, there is a need for identifying, assessing, managing and monitoring an organization's business opportunities and risks. The concept of enterprise risk management (ERM) helps elevate the focus of risk management from the tactical to strategic level. The purpose of this publication is to address some of the most commonly asked questions with respect to ERM. It offers ideas, suggestions and insights to executives responsible for ERM implementation.
Managing Outsourcing and Offshoring Risk
As companies focus on managing their operations in a difficult economic environment, they seek to become leaner and more focused, efficient and effective. Over the last decade, many international companies have offshored work to other countries with a view toward achieving these objectives. This issue of The Bulletin explores the advantages, disadvantages, and the risks associated with outsourcing and offshoring. And how the risks can be managed when decisions are made to outsource and/or offshore business activities.
Overcoming Biases in Operational Risk Scenario Analysis
As traditional forecasting and planning no longer fully serve business needs, many financial organizations are using scenario analysis to evaluate the impact and likelihood of extreme but plausible risk events. In this article, David Shu explains how, if successfully executed, scenario analysis can be the most valuable element in an organization's operational risk management framework.
Risk Analysis and Risk Management
This article addresses frequently asked questions on risk analysis, including why, when and who should conduct IT risk analysis. It talks about the six steps necessary to perform a risk analysis, the three deliverables on the risk analysis process, and the six most common methods of risk mitigation. The appendices list control categories for operations controls, application controls, security controls and systems controls.
Risk-Based Performance Improvement
Performance management and risk management can complement each other and can result in improved company performance and the creation of shareholder value. However, reality shows that performance management initiatives and risk management activities are frequently not harmonized. This article describes the principle of Risk-Based Performance Improvement (RPI) and its associated benefits to companies.
Management of business risks has become an increasingly important issue. In this article, Protiviti's Dr. Gabriel Kuhn presents background information on risk measurement and estimation and shows several quantification methods for the four main risk types: credit, market, liquidity and operational risk.
The Elephant in the Room - Understanding the Audit Challenges of Project Risk
The value of internal audit as a critical component of corporate governance and risk management is an undisputed fact. However, within an increasing audit universe, there is an elephant in the room that often escapes notice during the audit planning process but can have significant implications for the business if left unaddressed. Part one of this two part series, introduces this elephant: the need for oversight and monitoring of project risk. The final part of the series discusses what traps to avoid when reviewing project risk and internal audit's growing role in this area.
The Practical Challenges of Enterprise Risk Management
Enterprise risk management (ERM) is currently front of mind for many senior executives and board members. Many companies have been challenged to implement ERM in a practical manner that meets the requirements of its board while not introducing unnecessary administration and costs on management and staff. This is not an easy balance to strike. So, what works in practice?
The Simple Truth Behind the Complex Idea of Risk
"Risk" is a dirty word in business circles today-but it doesn't have to be, says Rick Steinberg, Compliance Week columnist and principal author of the COSO ERM framework. "Risk management is not rocket science, and those who make it more complicated than it is are asking for trouble," he says. His advice on keeping it simple is inside.
A small internal audit team with big plans for Endurance Group
Endurance Group is a global leader in casting, suspension, transmission and braking products. In this profile, Shripad S. Limaye, the internal audit head at Endurance Group, shares the challenges and benefits of overseeing a team of three internal auditors. In addition, Limaye describes the importance of enterprise risk management to the organization, internal audit's role in this effort, and how it complements the team's risk-based audit approach.
Ten Common Risk Management Failures and How to Avoid Them
It is fashionable today to talk about the role of risk management in the global financial crisis. Indeed, risk management had a role - a very important one. As we look back and closely examine what has transpired, we often hear the same questions expressed with a noticeable point of inflection in the voice pitch: What were they thinking? What did they know? How did they let this happen? This issue of The Bulletin explores 10 common risk management mistakes and how they can be avoided.
KnowledgeLeader also helps you find the best links to other ERM and Risk Assessment related resources on the web. Here are a few examples.
COSO Enterprise Risk Management - Integrated Framework
The framework defines essential enterprise risk management components, discusses key ERM principles and concepts, suggests a common ERM language, and provides clear direction and guidance for enterprise risk management. Engaged by COSO to lead the study, PricewaterhouseCoopers was assisted by an advisory council composed of representatives from the five COSO organizations.
Risk Management: Frameworks, Elements, and Integration
tatements on Management Accounting (SMAs) present the views of IMA regarding management accounting and financial management issues. In their development, the Statements are subjected to a rigorous exposure process. The 2006 SMA on Enterprise Risk Management: Frameworks, Elements, and Integration provides an overview of the ERM process and frameworks and will help management accountants understand their roles and responsibilities in ERM projects.
IRMI: The Risk Analysis and Insurance Training Company
IRMI provides advice and strategies for risk management, insurance, and legal professionals. This website includes an online library of risk and insurance publications, conferences, webinars, and seminars.
OCEG is a nonprofit organization that uniquely helps organizations drive Principled PerformanceTM by enhancing corporate culture and integrating governance, risk management, and compliance processes via: guidelines and standards, community of practice, and evaluation criteria & benchmarks.
Protiviti's Enterprise Risk Management Solution
Enterprise risk management (ERM) is a structured and disciplined approach to managing risk. ERM aligns the organization's strategies, processes, technology and knowledge with the purpose of improving its ability to evaluate and manage, enterprise-wide, the uncertainties it faces as it creates value.
Risk and Insurance Management Society
The Risk and Insurance Management Society, Inc. is a professional organization dedicated to advancing the practice of risk management, a professional discipline that protects physical, financial and human resources.
RiskCenter is a web-based syndicated news service devoted exclusively to providing financial risk professionals with the inside scoop on breaking economic, political and financial stories, as well as the risk strategies required to measure and manage these risks. RiskCenter sources its information from federal banks, treasury units, and international agencies, for example-and internal sources.
Risk Management Resources
This page provides the latest training opportunities, publications, and resources on risk and control from The Institute of Internal Auditors.
The Risk Management Association (RMA)
Helping Financial Institutions Manage Risk Enterprise-Wide. In today's world, managing risk has become a necessity, not an option. The Risk Management Association (RMA), a member-driven professional association, helps banking and nonbanking institutions identify and manage the impacts of credit risk, operational risk, and market risk on their businesses and customers. They achieve this through education, research, networking, and leadership opportunities.