Responses for discussions
Discussion1
From time to time, most organizations make improvements to their ERM framework to compete with the latest trends in the market and reduce risk factors, or simply choose the best ERM framework, one that adds more value and is more powerful than the current ERM framework. Before selecting any ERM, the organization should understand that no ERM is perfect, and organizations should choose the best available tool by considering their requirements and future enhancements. In addition to risk analysis and risk management, these days many organizations are choosing the best ERM for the purpose of financial investment decision making (Will Kenton, 2018).
ISO 31000 is much simpler than, and superior to, the Risk Scorecard model for mitigating risk. In the current situation, the Edmonton Police Service (EPS) wants to share its ERM with other city departments, where new programs and initiatives need to be created. ISO 31000 is one of the best frameworks an organization can use to manage its risk because it increases the likelihood of an organization to improve on the identification of objectives of threats, achieving the organization's aims and objectives, and the effective allocation and use of resources in risk treatment. Although ISO 31000 is not used for certification purposes, it provides an organization with the best guidelines for internal and external audit programs. These guidelines help an organization compare its risks with those of other international benchmarks, which ends up providing sound principles for effective corporate governance and effective management. ISO 31000 risk assessment techniques mainly focus on the risk assessment, which helps different decision makers understand the risk that may end up affecting the adequacy of the control that is in place and the achievement of the objectives. Therefore, in a situation where an organization wants to develop a new ERM, the best framework to use is ISO 31000 (John Fraser & Betty Simkins, 2014).
Discussion2
The organization needed an enterprise-wide common risk framework, annual assessment cycle, and integration into the strategic planning process. ISO 31000 is intended to provide guidance on the nature of the risk management process and how to implement it. This distinction is a crucial one to understand when comparing the two frameworks and understanding how they can be used. ISO 31000’s focus on risk management as a process devotes more attention to implementation, which broadens its appeal for those looking for insights on that subject.
“Risk management creates value, is an integral part of organizational processes; is part of decision making; explicitly addresses uncertainty; is systematic, structured and timely; is based on best available information; is tailored; is transparent and inclusive; is dynamic, iterative and responsive to change; and facilitates continual improvement and enhancement of the organization.” Therefore, ISO 31000 is focused on integration and change themes.
ERM can’t be implemented overnight; companies must evolve their thinking based on their experience and needs. All of the frameworks can be useful as companies continue to learn and advance their risk management capabilities.
ERM is not ‘plug and play.’ It has to be tailored to a company’s particular risk profile.
Intuit is a financial technology company, with desktop and online products and services. Consequently, the risks are very different.
The ERM program needs to support the organization through a period of significant shifts; from desktop to Internet and mobile devices, to platforms with application programming interfaces enabling end-user and third-party-developer contributions, and embracing potential opportunities for new markets worldwide.
ISO 31000 (2009) defines risk as the effect of uncertainty on objectives. The approach to ERM can be both qualitative and quantitative. Whichever approach is followed, the following factors are the general themes:
1. Internal environment of the organization (context)
2. Objective
3. Event identification
4. Risk assessment
5. Risk response
6. Control activity
7. Information communication
8. Monitoring
The most effective ERM programs leverage the process to build a sustainable, enterprise-wide risk management capability that evolves to address emerging and changing exposures. The objective of ERM at Intuit is not only to help the company avoid risks, but to help the company manage risk through action and to enable embracing uncertainty. In order to be successful, risk cannot be mitigated entirely. Managing risks intelligently allows Intuit to make better and quicker decisions considering both the risks and rewards of strategic decisions.
The speed at which a company moves through each level of ERM maturity will vary, as it must be tailored to the individual needs and capacity for change of the company, but it is important to recognize that risks can differ in different industries.
For example, the risk profile of a major U.S. bank would show many of the larger risks to be financial risks, while for a manufacturing company, the largest risks are not necessarily financial issues. “The trick and the key thing,” says Walker, “is to change the perspective in the minds of executives and boards to understand the business and the strategic implications of financial risk.”
Chapter 12 of this book shows how Intuit has been exposed to various risks, some that are operational and others that are customer related. Chapter 15 of this book shows how ERM can be embedded in planning that is strategic at Edmonton city. It also looks at the process that was applied by Edmonton city to establish a new ERM model. After an across examination, the city decided to come up with a framework that was based on ISO 31000, which is a risk management standard that is customized to suit the City’s needs. On the other hand, the PM2 framework can be used as an alternative to ISO 31000.
Discussion3
Yes, I would recommend that they base their new ERM on the PM2 Risk Scorecard, because previous ERM attempts were not fully implemented; rather, an open door emerged when Edmonton made another vital arrangement, The Way Ahead, in 2008. With the vital arrangement and objectives settled, they required hazard examination to figure out what could keep the city from accomplishing its objectives and destinations. In order to implement risk management planning, organizations identify the future risks and take an appropriate risk mitigation process. Performance measurement plays a key role in the risk mitigation process; ideally, risk assessment would help in strategic planning documents determine the most risk actions, vision and goals. In addition to that, the future risk mitigation plans and the risk indicators are listed as follows.
· Identify the risk strategy
· Identify key risk elements (ISO31000 Based check list)
· Score risk Elements - Rate impact and likelihood strategic objectives (1 to 5)
· Rate Impact and performance
· Identification of planned future initiatives
However, I would like to state that the most extensively used frameworks for implementing ERM are ISO 31000 and COSO. ISO 31000 is a better choice for the Intuit scenario because it led the path to a simpler risk mitigation and review process. In addition, it is a superior risk model that does not concentrate on the strategic objective level but rather concentrates on mitigating at the risk level and does not require a separate worksheet for each objective/risk combination.