Enterprise Risk Management Consulting Services

Providing ERM Consulting services to organizations across a variety of business sectors related to finance, technology, compliance, and operations.

An ERM consultant provides enterprise risk management consulting services that enable organizations to FOCUS on the most important risks to an enterprise in achieving its strategy and related business objectives with the goal of generating greater INSTITUTIONAL VALUE.  ERM Exchange maintains a broad yet balanced set of perspectives related not only to finance, technology, and compliance but also operations across a variety of business sectors.

An enterprise risk management consultant FACILITATES a process in which management and the Board of an organization articulate their enterprise strategy, business objectives, and risk appetite, and identify the MOST IMPORTANT RISKS in achieving the strategy and goals to enhance the VALUE of the enterprise. Our enterprise risk management consulting services incorporate an assessment of the potential impact and likelihood of top risks, an assessment of the effectiveness of existing response strategies to each of the risks, as well as the introduction of new response strategies to certain risks. ERM Exchange also educates ERM program participants on a variety of concepts associated with enterprise risk management, enabling such teams to independently carry out meaningful ERM programs that cascade through the entire workforce.

Business Risk Assessment

A business risk assessment is a process intended to help an enterprise FOCUS on “what’s important?”  The process is broadly comprised of three activities: 

  1. Identifying situations that could place an organization in serious jeopardy;
  2. Assessing the significance of these situations by gauging the potential “impact” and “likelihood” of each, as well as the speed at which these situations can arise; and
  3. Critically evaluating and devising actions that help to reduce the impact and likelihood of such risks.  

A business risk assessment uses quantitative modeling and qualitative assessments to evaluate the potential size and effect of the situation (i.e., how big and how bad could “it” become?). Next, it answers the question: what actions should management consider to reduce the threat, taking into account time, energy, and cost? Additionally, a thorough business risk assessment will uncover important risks that take the form of “missed opportunities” rather than explicitly bad outcomes (e.g., not investing in a new ERP system to replace antiquated legacy systems).

Benefits of Enterprise Risk Management

  1. Robust debate among managers regarding the range of opportunities to generate value; 
  2. Awareness of the interdependencies that exist between processes, functions, or business units whereby a risk can originate in one function yet negatively impact other functions; 
  3. Reduction of unpleasant and costly surprises by identifying risks and devising practical response strategies; 
  4. Lower variability of key performance measures by identifying and managing the statistics that really matter;
  5. Greater clarity regarding the deployment of capital and people, aligning the Board and management, as well as improved business processes; and
  6. Reduced cost by lowering insurance premiums and reducing costs of capital, often in substantial ways.

Components Of Enterprise Risk Management

The COSO Enterprise Risk Management Framework consists of five components which are supported by 20 underlying Principles that constitute a process to institute and maintain an Enterprise Risk Management program.  Essentially, the five components can be described as: 

  1. Risk Governance and Culture that addresses the tone, behaviors, and ethical perceptions maintained throughout the enterprise by all individuals –  especially leadership; 
  2. Risk, Strategy and Objective Setting which integrates perceptions of risk into the establishment of enterprise strategy and business objectives which manifest in day-to-day operations; 
  3. Risk in Execution is at the heart of Enterprise Risk Management as it identifies and assesses risks in the achievement of strategy and objectives while considering risk appetite and risk response strategies; 
  4. Risk Information, Communication, and Reporting pertains to the collection and communication of information from internal and external sources to support ERM; and
  5. Monitoring ERM Performance helps an organization gauge the growing strength or weakness of the other components of ERM over a period of time.

ERM Exchange Leadership

John McLaughlin has spent the past 30 years in the public and private sector serving as a partner within several international accounting and consulting firms leading risk advisory practices, as well as a corporate audit director for a Fortune 500 specialty services organization where he established enterprise risk management programs within several business units.  

John has been witness to a number of governance failures throughout his career, and from that experience, he is able to convey unique perspectives regarding ERM and to facilitate the establishment of practical enterprise risk management consulting programs. John focuses on the most important risks (a.k.a., “Top Ten”) and their underlying risk response strategies, which are intended to generate greater institutional value.

Industries We Serve

ERM Exchange has provided enterprise risk management consulting services to a number of organizations across a variety of industries including life sciences, research, manufacturing, distribution, e-commerce, managed services, healthcare, higher education, and other not-for-profits.

What Does An Enterprise Risk Management Report Include?

Enterprise risk management aims to unify the focus on the most important risks facing an enterprise. The unified understanding should be evident in a REPORT that includes a “heat map” which identifies the top risks in relation to their perceived levels of likelihood and impact.  The report should: 

  • Include a description of each of the top risks, with its “contributing factors” and “response strategies”;
  • Serve as THE focal point for management and the Board to discuss and update their perceptions of the most important risks faced by the enterprise; and
  • Serve as evidence to regulators, underwriters, and ratings agencies that ERM is taken seriously, often yielding a REDUCED COST of capital and insurance premiums.