Article title

By Hugo Melo

Enterprise Risk Management at Work

Authors

Author 1

Author 2

Author 3

Author 4

As regulators, investors and other stakeholders place increasing demands on companies to provide assurance on managing business risk, they face a growing need for effective, auditable methodologies for Enterprise Risk Management (ERM). While an ERM process must satisfy prescribed minimum requirements, it should be designed to complement existing decision making and management activities without placing onerous demands on the time of the organization’s most valuable resource – its people.

The system should answer the following question with an emphatic YES: Are you managing business risk effectively; is the answer auditable; are you achieving this efficiently?

An effective ERM program should consider these factors:

• Contextualizing the ERM program within existing corporate governance, due diligence and compliance strategies and processes
• Integrating ERM activities into existing business processes such as strategic planning and budgeting cycles
• Ensuring that ERM activities work for – and not against – the organization
• Taking ERM beyond compliance – to use it as a growth tool

To satisfy the requirements of existing regulatory and international standards, an ERM process should be developed around certain generic activities:

• Defining the functional or operational context within the organization to determine their critical relevance
• Identifying, defining and categorizing risks within each context
• Exploring each risk in terms of causes and consequences as well as the efficacy of existing controls
• Evaluating each risk according to a matrix or methodology that is pertinent to the organization
• Designing and implementing relevant risk management strategies and additional controls
• Assessing the effectiveness and efficiency of risk management strategies and controls
• Employing strategies and processes for communicating, disclosing and reporting risk

SRK Australasia has recently expanded its skills base with the appointment of Greg Trivett as Principal Consultant (Enterprise Risk Management) based in Brisbane. Greg was instrumental in establishing a corporate ERM process within a global mining and petrochemical organization. The service SRK offers to clients entails assessing their existing competencies for ERM and then guiding the organization in researching, developing and implementing an ERM management approach that is customized, effective and efficient and that complements and adds value to existing business planning processes.