ERM Exchange’s approach to establishing an enterprise risk management program combines the important theories within COSO’s Enterprise Risk Management Framework, with real-life examples accumulated over years of experience and research, as well as applying ten common “risk factors” that help to transform a RISK AWARE culture in a very practical way.
Enterprise Risk Assessment Framework
Importance of an Enterprise Risk Management Framework
The Enterprise Risk Management Framework is designed to identify important risks in executing strategies and achieving enterprise goals. Successful enterprise risk management programs create more valuable enterprises by:
- lowering costs,
- enhancing processes, and
- reducing unpleasant surprises.
Key Risks in an Enterprise Risk Management Framework
The ERM Framework is designed to identify important risks in executing strategies and achieving enterprise goals. Certain risks are common within industrial sectors (e.g., adequacy of loan loss reserves is an inherent risk in banking) as well as across industries (e.g., information security and cyber security). However, an enlightened understanding of risks almost always reveals that risks are unique to the organization in which they apply. Having said that, a pattern of risk types has developed over the years of instituting ERM programs, almost irrespective of the industry.
Responsiveness to Market Dynamics – If the Company does not adequately anticipate market changes and provide sufficient response to those changes, we may lose market share; evolving trends in consumer demands may be detrimental to our growth objectives.
Intensifying Competition – large competitors continue to grow through acquisition creating greater efficiencies for themselves, and smaller more nimble competitors threaten to infiltrate our customer base.
Supply Chain Disruption – a variety of circumstances can disrupt our supply chain which may result in inflationary pressure and declining revenue caused by delays in delivery, loss of retail shelf space, inability to produce some or all products, and an inability to distribute products.
Scalable Infrastructure – As the Company has experienced years of growth and continues to forecast growth, the current infrastructure may not be sufficient to support that growth; infrastructure is defined as the people, processes, systems, equipment, and relationships needed to support sales and operations.
Limited Liquidity and Cash Management – limited liquidity impacts the Company’s ability to attract new capital and grow the business; liquidity risks can materialize from customers, as well as vendors, suppliers, contractors, and sudden increases in the cost of capital including broken financial covenants.
Technology Adoption and Investment – Competitors, both large and small, are likely developing more sophisticated capabilities to manufacture or provide services, as well as transact with customers and vendors; such capabilities may be required to simply retain certain components of our customer base and supply chain.
Information Security and Cyber Security – Security breaches, ransomware attacks, and loss of data may result in significant financial impact and reputational harm; securing operational, financial, and technical data is becoming more complicated, and mitigating the threat is becoming costlier; while the cost of cyber insurance increases, the coverage is narrowing.
What are the Major Components of ERM?
While COSO’s Enterprise Risk Management Framework is composed of five “Components” and 20 underlying Principles, the most important element of a successful ERM program is the tone, behavior, and actions taken by senior leadership in support of establishing and maintaining an ERM program. When a CEO genuinely exhibits belief in and commitment to enterprise risk management, their conviction cascades through the workforce, who will individually and collectively show greater care for the enterprise, resulting in added productivity, happy customers, lower cost, fewer harmful surprises, and ultimately a more valuable enterprise.
Factors in the Enterprise Risk Management Framework
Operational Risk Management: a case study approach to effective planning and response, by Mark Abkowitz, Ph.D., M.S., B.S., identifies ten risk factors that have been drawn from over a dozen catastrophes that occurred over the past 40 years. The ten risk factors include:
- Design & Construction Flaws
- Deferred Maintenance
- Economic Pressures
- Scheduling Constraints
- Inadequate Training
- Not Following Procedures
- Lack of Planning and Preparedness
- Communication Failure
- Arrogance
- Political Agendas
These risk factors can be applied to a number of current-day, high-profile corporate governance and risk management failures of larger enterprises, as well as smaller organizations, including the Penn State / Sandusky Scandal, the General Motors Ignition Switch Failure, Pacific Gas & Electric and the Camp Fire, the Temple University Business School false data submission for ranking in US News & World Report, as well as a small swimming club accident and a nursing home fire. While the ten risk factors can be easily applied to governance and risk lapses after the fact, they should also serve as a foundation when establishing an ERM program and a culture of risk awareness.