Annotated Bibliography

Introduction:

ERM promotes strategies which help institutions to manage their risk holistically.  ERM is not a separate risk discipline; it is the governance structure that provides the horizontal view of the risk disciplines and operational risks of an institution. It is better viewed the risk which arising from the execution of an institution’s business functions. Breech of any of those functions or failure to execute effectively may lead to institution’s reputational loss and risk in operations.

Background:

Organizations should have long practiced various parts of what has come to be called enterprise risk management. Identifying and prioritizing risk either by foresight or following a disaster which has long been standard management strategy. Although practices have not been progressed uniformly through different organizations and industries. The general evolution of ERM is characterized by different number of driving forces. Enterprise risk management which assists management with the alignment of risk appetite and corporate strategy and improves the process for risk identification, measurement and management, enhances the ability to seize opportunities. All companies should have some form of risk management activities in place. However, all these activities might be at best informal and at worst totally undocumented, uncoordinated and misaligned with the overall strategy. Greater transparency which results into how a company manages its risk is being demanded by board members, senior management and regulatory bodies.

Problem Statement:

The overall business strategy of company should be broken down into its components and each one examined to identify exposures to each major risk category such as Credit, Market, Operational, Legal, Financial, IT. An assessment should be in place for existing risk mitigation techniques or monitoring activities should also be performed at this stage. The requirements for this part of the exercise can be obtained through:

Risk Committee meetings

Facilitated Workshops

Interviews

Surveys

It’s important to monitor progress and communicate the status of the ERM process throughout the organization. Reporting should be simple, clear and concise and the formats should be tailored to specific users. The types of reports can range from:

simple lists which display details of the top risks in rank order

graphical reports with high-level details

detailed reports that monitor and track the implementation of action plans

drill-down reports that display, for example, the Category, Ranking, Appetite, Control, Current

Risk Assessment Result, Risk Owner and Associated Action Plan for each risk progress reports that compare the actual results and benefits of the ERM initiative with original objectives.

Risk management is a process that is underpinned by a set of principles and it needs to be supported by a specific structure that is appropriate to the organization and its external environment or context. A successful risk management initiative should be proportionate to the level of risk in the organization which should aligned with other corporate activities and dynamic by being responsive to changing circumstances. This risk management approach will enable a initiative to deliver outputs, including compliance with applicable governance requirements, assurance to stakeholders regarding the management of risk and improved decision making. The impacts which associated with these outputs include more efficient operations, effective tactics and efficacious strategy. These benefits need to be measurable and sustainable.

An important part of analyzing a risk is to determine the nature, source or type of impact of the risk. Evaluation of risks may be enhanced by the use of a risk classification system. Risk classification systems are important to enable an organization to identify accumulations of similar risks. A risk classification system will also enable an organization to identify which strategies, tactics and operations are most vulnerable. Risk classification systems which are defined based on the division of risks into those related to financial control, operational efficiency, reputational exposure and commercial activities. So far, there is no risk classification system that is universally applicable to all types of organizations and industries.

After completing the initial ERM process which does not mark the end of the initiative but the start of an ongoing process that will become part of the very fabric of the business. Having identified the top risks and put in place which requires strong risk management controls to safeguard the company and it is now time to move on to the next stage. Support our growth drivers of creating life enhancing innovation, delivering excellence in execution, and generating value through partnerships and empowering and inspiring our employees. Risk management must be integrated into the culture of the organization and this will include mandate, leadership and commitment from the Board. It must translate risk strategy into tactical and operational objectives, and assign risk management responsibilities throughout the organization. Achieve a risk aware culture which ensures by establishing an appropriate risk architecture, strategy and protocols.

References

1. COSO (2017, June). “ERM : Integrating with Strategy and Performance.”

2. Akipeo Inc. (2018, March). “The Financial Materiality of Environmental Risks in Food Production: A preliminary review of the downside exposure and upside opportunities for financial institutions engaging in soft commodity supply chains.” pp. 7-9

3. CIMA (2010): Risk Management report warns against silo mentality. In: Insight. Incorporating Synergy. The magazine for management accountants.