The involvement of this
governing bodies is critical to enact the ERM vision since they take
accountability on overseeing the portfolio of risks that the organization
ERM deployment is embraced
when there is a strong level of leadership and support from corporate boards
and senior management which is already inserted as major clause in the 32 72.
Furthermore, effective ERM
can provide a significant source of competitive advantage for those
organization that can demonstrate a strong ERM methodology. While there are
organizations that are implementing ERM processes to increase the effectiveness
of their risk management activities, 72 perform
research on why some organizations embrace ERM and others do not embrace the
The goal is to increase
stakeholder value by assessing the risks that can prevent the business to
achieve its objectives.
ERM involves anticipating
and managing business risks before problems occur rather than responding and
reacting to threats after the fact, when the damage has already been done 70.
ERM consist of the process
for identifying and managing potential events that could affect the entity’s
ability to manage business risks then they remain within its risk appetite 70.
As mentioned in Figure 3.6 61 Risk
Assessment Processes shows the risk assessment process.
asserts that a holistic ERM approach enables the organization to lower the risk
failure, increase performance and create value. The risk management process
structure proposed by 61, will be used as reference
through-out the rest of the following sections in order to obtain a systematic
knowledge of the phases during the risk assessment process.
Opposite from viewing risk
management from a silo-based perspective, a holistic risk management
perspective allows the enterprise to cover business risks associated with their
internal and external context.
50 depict ERM by addressing how firm performance
is improved by acquiring a holistic risk management approach. This view is
consistent with trends in corporate governance strategy that views ERM as an
integrated approach for determining the business risks that impact an
organization’s ability to achieve its business objectives and to develop
programs for managing the identified risks 70.
Complemented by the Committee
of Sponsoring Organizations of the Treadway Commission (COSO) guidelines. “Enterprise
risk management is a process, effected by an entity’s board of directors,
management and other personnel, applied in strategy setting and across the
enterprise, designed to identify potential events that may affect the entity,
and manage risk to be within its risk appetite, to provide reasonable assurance
regarding the achievement of entity objectives” COSO,
“Essential function of corporate
governance that addresses the management of risks within an
“A process of identifying and prioritizing
risks so that an agency can deal with event that are most important 36”.