dis res 6
srk
DisRes6.docxResponse 1 :
Enterprise Risk Management (ERM) is an essential element that every organization needs to undertake to safeguard the organization's activities. ERM involves planning, organizing, leading and controlling organization activities to reduce the chances or effects of a risk on an organization's capital as well as revenues (Hoyt & Liebenberg, 2011). The process of risk management can take different forms, that is, through the use of the PM2 risk scorecard and the ISO 31000.
The PM2 risk scorecard is a single scorecard that majors on combining both the risk and performance of the organization in one view. The PM2 scorecard majorly focuses on internal controls when approaching risk management. The PM2 framework demands the reporting of various organizational elements such as the financial and internal reporting as well as concentrating on strategies (Keyes, 2010). On the other hand, ISO 31000 considers that risk affects the objectives of any given organization. Thus the framework uses the approach of focusing on minimizing the risk impact on the objectives and thus increasing the possibilities of attaining the set goals. Therefore, resources are effectively allocated to improving easier detection of opportunities and threats as well as efficient resource use to avoid risk occurrence.
Intuit needs to prefer using ISO 31000 framework in risk management as compared to the PM2 scorecard. The reason for the preference is that the ISO31000 assists in providing sound principles for efficient management and organizational governance in the corporate world (Lalonde & Boiral, 2012). The focus is the assessment of risks affecting the objectives which need to be achieved and is simpler to implement and also provides a robust, globally recognized standard for risk management. Unlike the ISO 31000, the PM2 method is a complex process that needs a sophisticated understanding making its implementation difficult. The PM2 mitigation process is also harder to implement and focuses on a more extensive organizational process and not specifics thus making ISO 31000 more preferable
Response 2 :
As a consultant retained by Intuit to help in re-implementing the ERM program, I would choose ISO 31000 over the PM2 Risk Scorecard due to the various benefits and efficiencies that are associated with it. Firstly, I would choose the ISO 31000 framework since it facilitates the simpler risk review and mitigation process (Fraser, Simkins & Narvaez, 2014). The simplification of the risk review and mitigation process would be important in ensuring the re-implementation of the ERM program in Intuit in a manner that is more effective hence helping in achieving the expected results by the company (Olechowski, Oehmen, Seering & Ben-Daya, 2016). Additionally, the ISO 31000 is superior to risk scorecard model since it focuses on the mitigation at risk level as compared to the level of strategic objective and never requires any separate worksheet for every objective or risk combination (Fraser, Simkins & Narvaez, 2014). The focusing on the mitigation of risk will be important in ensuring the re-implemented ERM program as it is effective in managing, detecting and mitigating all the company risks thus facilitating the company in reducing its risk costs and the overall risk management process (Olechowski, Oehmen, Seering & Ben-Daya, 2016).
The choice of ISO 31000 will also be important in achieving the industry certifications that require the risk assessment and management processes to conform to the ISO 31000 standards (Olechowski, Oehmen, Seering & Ben-Daya, 2016). Therefore, the application of the ISO 31000 framework will be essential in ensuring the company applies and bases their new ERM program on the most suitable way in order to achieve maximum results from the re-implemented program (Fraser, Simkins & Narvaez, 2014). Lastly, the application of ISO 31000 also includes the initiative and standards that meet the global standards hence making it a suitable framework that will be effective in attaining the expected results and the ISO 31000 framework is also a powerful tool that is required in attaining the ENVISO certification (Fraser, Simkins & Narvaez, 2014).
References
Fraser, J., Simkins, B., & Narvaez, K. (2014). Implementing enterprise risk management: Case studies and best practices. John Wiley & Sons.
Olechowski, A., Oehmen, J., Seering, W., & Ben-Daya, M. (2016). The professionalization of risk management: What role can the ISO 31000 risk management principles play?.International Journal of Project Management, 34(8), 1568-1578.
