The following is a guest blog post is from RiskArticles.com.
Enterprise risk management (ERM) is an ongoing process designed to manage all risks within a firm. The Commission of Sponsoring Organizations of the Treadway Commission (COSO) defines ERM:
“Enterprise risk management is a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.”
It is important to establish an ERM Framework because it enables a firm to gain a clear view of its overall risk level. Discussed below are the steps that need to be taken to establish an ERM Framework, the potential benefits that can be expected, and the challenges that may be faced.
Process for establishing an ERM Framework
1. Common language around risk
The risk management function (or equivalent) must establish and educate the organization on common terminology regarding risk. A common definition of risk is – the potential for loss, or the diminished opportunity for gain, which can obstruct the achievement of the firm’s business objectives. Common terminology will facilitate communication across business units.