Enterprise Risk Management 101: Programs, Frameworks, and Advice From Experts

By Andy Marker | June 26, 2017 (updated December 4, 2021)


Nothing in life is risk-free, and that includes the corporate world. Enterprises in every industry face risks that are both specific to their industries, as well as universal, including cyber-threats, the impact of natural disasters, and employee error. The growing field of enterprise risk management can help enterprises identify, monitor, and address risks to minimize the negative impact.

In this article, we will outline enterprise risk management and discuss how a framework and roadmap can help an enterprise visualize and address risks. We will also hear from the field’s top experts on best practices in several areas of the current landscape and the types of risk that may lie ahead for enterprises.

What Is Enterprise Risk Management?

Enterprise risk management (ERM) is a constantly evolving field, but remains focused on identifying and minimizing risks that companies face. These risks might be specific to an industry (for example, HIPAA compliance in the healthcare field) or those faced by virtually every organization in the 21st century, such as cyber threats.

An enterprise risk management framework is a tool that can help a company identify, list, and rank potential risks to specific parts of the organization. See below for more information and an example.

Why do enterprises need risk management? To succeed financially and otherwise, an enterprise needs to be aware of potential risks that could affect security, reputation, profits, operations, and more. An enterprise that ignores risks and the ways to mitigate them could potentially face catastrophic consequences.

The History of Enterprise Risk Management

Companies have faced risks since commerce began. Theft, natural disasters, and numerous other external factors posed threats to early businesses and continue to present risks today. By the 20th century, however, risks to enterprise organizations became more sophisticated and the results potentially more dire.

According to Gerry Dickinson in his series in the Financial Times and in his book Enterprise Risk Management: The Way Ahead for DRDC Within the DND Enterprise, enterprise risk management as we know it began after WWII, when professionals identified certain risks, like natural disasters, that insurance companies would address and cover.

In 1963, Robert I. Mehr and Bob Hedges wrote Risk Management in the Business Enterprise. This book articulated the idea that businesses should not only insure the risks they face, but also identify and manage them across the enterprise, with visibility from the C-suite down.

Dickinson writes that the 1970s saw a rise of financial risks (a result of the growing popularity of derivatives and hedge funds), and major companies realized that they should manage both insurance risks and financial risks. Moreover, as industries evolved — and entirely new industries were created — business leaders began to encounter compliance and regulatory issues, which posed general and industry-specific risks. All of these risks could affect a company’s reputation, performance, and profitability. Thus was born the modern concept of enterprise risk management.

Why Enterprise Risk Management Is Important: The Risks Faced by Enterprises

Today’s business environment is complex and ever-changing. Many companies operate around the world, where different laws and regulations may apply. As more companies conduct their business over the internet, cybersecurity has become a threat to virtually every organization. Here are some types of risks that individual industries may face:

  • Financial: Nearly every type of risk can affect a company’s bottom line. Failure to respond to a natural disaster, theft from within, and reputational issues affect not just those specific operations, but potentially the financial health of the overall company. 
  • Interest Rate: The fluctuation in interest rates can impact all manner of industries, including banking and lending, the stock market, real estate, and others.
  • Legal Issues: Companies may face legal penalties if they fail to comply with the letter or spirit of the law, whether they be local, national, or even international regulations. They could also face civil suits as a result of perceived negligence, discrimination, etc.
  • Hacking and Cyberattacks: Any company that does any of its business online can face enormous risks to the security of its data, its financial accounts, and more. See more details below.
  • Theft: One of the biggest risks companies deal with is theft from suppliers, vendors, and employees. This can range from taking home burgers at the end of a fast-food shift to embezzling millions of dollars.
  • Uncertain Financial Markets: Global and national financial market instability is a risk to any enterprise. A company’s stock may suddenly plunge due to no fault of the company itself.
  • Natural Disasters: Disasters like earthquakes and hurricanes can devastate regions to the point where they affect supplier delivery and order fulfillment, sometimes for long periods.
  • Government and Regulatory: Compliance in several industries, especially finance and health care, is a business-critical factor for risk. Compliance and regulations are constantly evolving, so it’s incumbent upon businesses to be aware of and in alignment with all relevant regulations.
  • Accidents: An accident, with a shipment of goods, for example, could put a company at risk. So could an accident involving an employee, if the legal system determines that the company is responsible.
  • Global and Political Instability: The uncertainty of the geopolitical arena influences international trade and the companies that engage with it.

The Goals of Enterprise Risk Management Programs

An enterprise risk management system typically has five goals, all of which are important for a solution to be successful. Any program that doesn’t include all of these may not be thorough and effective. The five goals include: 

  • Identifying, monitoring, and mitigating risks
  • Being as proactive as possible in risk prevention
  • Providing clear steps for remedying potential adversity
  • Creating transparency and accountability to increase the faith and confidence of shareholders
  • Conforming to industry-specific compliance and regulatory rules

Ray Monteith is the Senior Vice President and Risk Control Services Leader in the British Columbia offices of HUB International , a risk-management consultancy. He would add a sixth goal to this list: constantly reevaluating the first goal.

Ray Monteith

“It is so important for businesses to keep working to identify new, potential risks. New risks can emerge in any industry, so it’s critical to be constantly evaluating the landscape.” — Ray Monteith, Senior Vice President and Risk Control Services Leader, HUB International, British Columbia, Canada

How Enterprise Risk Management Addresses the Risks Faced by the Financial Sector

Some industries face more risks than others, especially the financial sector. Investment banking, money management, the mortgage industry, and other types of financial services face several potentially harmful risks. These include the following:

  • Investment Risks: No investment is completely risk-free, and financial institutions, mutual funds, etc., can face severe losses if investments don’t pay off.
  • Security: Financial institutions must protect not only their own money and profits, but their investors’ and customers’ as well. Customers need to know their deposits and transactions are secure and protected.
  • Breaks in Business Continuity: When enterprises merge, close, or have breaks in operations, financial sector businesses may suffer, either directly or indirectly.

Moreover, because of the risks faced by this sector, the Basel II Accord, an international regulation adopted in 2004, requires financial services companies to use risk management software. This regulation also requires that banks have enough cash reserves to cover the cost of any problems that occur, including fraud and IT-related events.

In addition, the primary integrated financial trading systems, such as Misys, Calypso, and Murex, have built-in risk management and compliance. Misys is a London-based financial conglomerate. San Francisco-based Calypso provides solutions to trading companies the world over. Murex, based in Paris, offers software IT products and solutions to the financial sector. Because of the nature of these companies’ customers, they all must conform to regulatory stipulations, as must the companies that do business with them.

IT and Cyber Risk Management

In the past several years, enterprise risks involving IT and the internet have increased exponentially. There are essentially two types of IT risk issues. The first concerns the tech and IT industries, where perpetrators can infiltrate a company’s proprietary software or email servers. The second involves virtually all companies, since nearly every enterprise has a significant internet presence and uses email to conduct transactions and communicate.

Every organization is vulnerable to cyber risks, particularly as hackers and malware grow ever more sophisticated. Compromised companies can suffer harm to their products, their reputation, their customer service, their growth, their employees, and other areas. Companies that experience hacking or data breaches need to act as quickly and transparently as possible, contacting customers to announce how they plan to remedy the situation.

Also, the highest-level executives need visibility into all cyber threats to their organization. An IT department cannot combat these sophisticated attackers on its own. The powerful, pervasive nature of cyber threats underscores the need for an enterprise-wide enterprise risk management system.

Every company, regardless of industry, should cultivate and maintain strong relationships between IT risks, assets, processes, and controls by defining them according to description, category, hierarchy, ownership, and visibility. Companies should empower IT departments to assess, quantify, monitor, and manage IT risks. There should be issue management and remediation policies, including investigation protocols and root cause analyses. Lastly, there should be risk monitoring and metrics available to IT and other business leaders, so they can quickly identify risks and take action if needed.

One of the Biggest Risks in Enterprise Risk Management: Employee Theft

The leading risk factor faced by the retail world, especially fast-food restaurants, is theft by employees, says Mike Compton, President of DIGIOP, a loss-prevention company based in Indianapolis.

Mike Compton

“U.S. companies lose $40 billion a year in employee theft, according to the U.S. Chamber of Commerce, and retailers are among the hardest hit. Our goal is to help make that a thing of the past.” — Mike Compton, CEO, DIGIOP

“Loss can come from employees taking cash and then voiding a sale or helping themselves to merchandise and food, etc. Because there can be a high turnover in these businesses, employers and companies often can’t catch up or are just resigned to this loss as a ‘cost of doing business,’” Compton points out.

“We try to help our clients be more strategic and stop that loss where it happens,” he continues. That includes his company’s solution, which integrates video monitoring with accounting and combines them in a dashboard.

Risks Faced in Other Industries

As mentioned, virtually every industry faces its own types of risks. Savvy CEOs and other business leaders have their eyes open about potential risks and oversee the implementation of the right risk management solution for their industry. Here are some of the risks faced by industries other than retail:

  • Insurance: Insurance companies face a constantly evolving landscape of risk, measuring ever-shifting changes in population, geography, etc. 
  • Healthcare and Health Insurance: Healthcare providers are bound by strict protocols, including HIPAA, and can face risk regarding how a doctor diagnoses or treats a patient. Now, health insurance companies must comply with the U.S. Affordable Care Act, in addition to following insurance industry regulations.
  • Manufacturing: Manufacturing companies face risks in their supply chains, in the actions or inactions of their vendors, in their plants (safety issues), and in other areas.
  • Transportation: Numerous factors affect transportation companies, including the price of gasoline, supply and demand, and potential supply chain and manufacturing risks. 
  • Entertainment: Even the entertainment industry isn’t free of risk, as people steal artists’ work or sample it without permission. Moreover, companies may assess artists’ royalties incorrectly, etc.
  • Nonprofits: NGOs, educational facilities, and nonprofit organizations also face risks in their interactions with the communities around them, in adherence to regulations, and in auditing.

Incorporating Compliance and Governance into Enterprise Risk Management

Industries face unique risks regarding compliance and governance issues. As the government imposes more regulations to help consumers, companies must quickly adapt to the increasing number and types of compliance regulations. These can include the following:

  • Government Regulations: The city, state, and federal governments can all have their own regulations with which companies must comply. For example, manufacturing and transportation companies typically must limit their carbon emissions according to local, state, and federal laws. Noncompliance exposes these companies to major risks concerning their operations and reputations.
  • International Regulations: Industries that do business globally face additional types of risks and challenges. Some transactions are governed by international agreements, while others are subject to requirements and regulations in the individual countries where a company does business. These restrictions may include language and cultural issues, and noncompliance can pose a huge risk for a company.
  • HIPAA: The Health Insurance Portability and Accountability Act of 1996 applies to the security of all health information related to individuals. Breaches of protected health information pose an enormous risk to healthcare companies, as well as individual providers. Compliance protocols must be followed to the letter. If they are not, the government can penalize the entire institution.
  • Financial Regulations: After the recession of 2007-09, Congress enacted many laws intended to prevent a similar financial crisis. These include regulations governing sub-prime mortgages and other risky practices.

Other industries belong to their own relevant trade associations, which include voluntary compliance to any related regulations. One example is the Motion Picture Association of America, which rates Hollywood films distributed to wide audiences.

Enterprise Risk Management Policy: The Best Practices of Implementing a Policy and Identifying KRIs

A comprehensive ERM policy statement supplies a high-level overview of an organization’s ERM program and guides its members to effective risk management. The board of directors usually approves it, and the statement contains the chief tenets of the organization’s ERM program.

“The transparency and buy-in from the entire company is essential,” emphasizes Monteith. “It’s so important to have a risk strategy, not just a policy,” he says. “This will help the organization understand where all the risks reside and how to assign ownership of monitoring and addressing those risks.”

Monteith’s company helps clients transfer the risks they can out of the organization and into insurance policies. For those risks that remain, “We help the client evaluate how to manage them and align them with the company’s overall mission and vision. It’s also important that at the most senior level, the risk appetite of the company is understood,” Monteith notes.

An ERM policy is broad and detailed, covering the known key risk indicators (KRIs). These could include the failure to meet sales projections, workforce availability, the strength or weakness of the dollar, etc. “The key to an ERM policy that works in the current environment,” Monteith explains, “is that it must be a continuing conversation. The company should be in a continual state of implementing, monitoring, addressing, and re-adjusting.” A KRI roadmap can be a strong guide in this process.

Framework graphic

“Having a strategic risk management policy also helps companies think ahead and be agile,” Monteith adds. “We hear people say, ‘But something like that has never happened before. Why should we prepare for it?’ And we say, ‘because there is always the risk of events that can be transformational.’” Companies whose risk management policies foster this kind of agility and questioning may be best armed for the unexpected risks they could face.

An ERM framework is different from a policy. The policy comes first, and the framework is built to support it. The policy states the overarching goals of risk reduction in an organization. The framework can be as granular as needed so that those throughout the company can have all the guidance they require to reduce risk.

“Companies should also be increasingly evaluating their own risk culture,” recommends Alasdair Wood, Director, Human Capital and Benefits, Willis Towers Watson, in London. “In short, this involves a company’s defining what are acceptable, even necessary, risks its employees can take and what are unacceptable. It comes down to empowering employees to take the right risks in an informed manner. No more, no less,” concludes Wood.

Enterprise Risk Management Frameworks and How to Use Them

An ERM framework is a useful tool in helping teams visualize the risks and ownership, as well as the responsibility for monitoring and addressing those risks. To learn more about different frameworks, including how to create a custom ERM framework, see "Guide to Enterprise Risk Management Frameworks".

Enterprise Risk Management Maturity Models

An enterprise risk management maturity model consists of two axes: desired business outcomes measured against investments and a timeline. Ideally, a strategic organization working on enterprise risk management will see its progress go up and to the right over time. As a company matures, so should its strategic implementation of risk management.

ERM maturity model graphic (Source: IDC Financial Insights)

The nonprofit Risk Management Society, known as RIMS, is another useful resource. The organization offers a free tool online to create your own risk maturity model. You can adapt it to any enterprise in any industry. To learn more about the RIMS risk maturity model, see "Guide to Enterprise Risk Management Frameworks".

Enterprise Risk Management: The Experts’ View

Experts who work with enterprises see a rapidly changing terrain of newer potential risks. “The companies that are agile and continually revisiting their risk policy and plan are the ones most likely to respond quickly and well if something happens,” Monteith says.

The current risks, though, are likely to remain risks for the foreseeable future. They include employee theft and human error.

“Being able to monitor an employee’s actions at the cash register, or throughout the store, is a huge opportunity for retailers and others doing transactions and selling goods and services,” says Compton. Making even a small dent in that $40 million loss related to employee theft could save companies significant amounts of money.

Monteith believes that where there are catastrophic failures in business, it’s clear that human error was a factor. “Lehman Brothers, the failure of which led to the financial crisis, clearly misidentified and recklessly managed enterprise risks,” he stresses.

Another tragic example of mismanaged risk is the 2013 derailment of a train carrying fuel oil through the Québec town of Lac-Mégantic. “The train was unstaffed. There were no brakes, and on and on, resulting in a catastrophic loss of life,” Monteith says. Thirteen people were killed and many more injured. In the investigation that followed, authorities cited 18 different factors as reasons for the crash. According to CNN, those included a "weak safety culture" in the railroad that carried the oil, a law requiring, but rarely enforcing, safety plans from the industry, and a train composed almost entirely of substandard tanker cars.

“There was a clear disconnect between the organization’s goals and risk management on an operational level,” Monteith remarks.

Some companies have done a good job in mitigating risk when dealing with threats. Tylenol faced a crisis in 1982 when an unknown person laced several Chicago-area bottles of the drug with potassium cyanide, resulting in at least seven deaths. The company immediately pulled all its products from retail shelves, restocking them only after creating the now-ubiquitous seal under the lid. Home Depot and Target immediately reached out to customers and the media when they learned credit-card data had been hacked and stolen.

The Benefits of Using Enterprise Risk Management Software

Most large enterprises use risk management software or systems to help identify, monitor, and communicate risks associated with a given set of assets. Typically, the solutions collect data from throughout the business to indicate where risks may lie and then display results on a dashboard. These systems also notify businesses (or, specifically, the owner of the particular risk issue) of these occurrences, including security breaches.

In this era of doing business at internet speed, the benefits of using risk management software are substantial. Some benefits to organizations include:

  • Increased Shareholder Value: Mitigating risk efficiently results in a better brand and reputation, boosting stock prices.
  • Optimized Risk/Return Outcomes: The more quickly you identify and address risk, the better the outcomes for the whole company.
  • Greater Transparency: Managers and others gain the ability to tackle projects with the best risk/reward outcomes.
  • Prioritization: The company can monitor and manage higher-risk initiatives more closely as needed.
  • Reduced Compliance Costs: An in-house solution that integrates compliance and regulatory processes results in lower costs.
  • Strengthened Operations: As a company identifies, addresses, and prevents risks according to the risk maturity model, operations become progressively more efficient and streamlined.

Enterprise Risk Management Educational Opportunities and Resources

There are plenty of educational resources, organizations, and events that enterprises can turn to for help and advice. They include:

  • RIMS and the RIMS Annual Conference
  • The Conference Board of Canada: ERM
  • RMA’s Annual Risk Management Conference
  • The Smartsheet risk management certification guide
  • The North Carolina State University Enterprise Risk Management Studies program
  • The University of California Office of the President Risk Summit
  • The National Association of College and University Business Officers’ 2013 report on enterprise risk management
  • The Protiviti FAQ Guide to Enterprise Risk Management

You can also read our How to Choose the Right Risk Management Certification for You article to learn about the types of certificates available and the opportunities having one can garner.

Smartsheet: An Essential Tool for Enterprise Risk Management Professionals

Empower your people to go above and beyond with a flexible platform designed to match the needs of your team — and adapt as those needs change. 

The Smartsheet platform makes it easy to plan, capture, manage, and report on work from anywhere, helping your team be more effective and get more done. Report on key metrics and get real-time visibility into work as it happens with roll-up reports, dashboards, and automated workflows built to keep your team connected and informed. 

When teams have clarity into the work getting done, there’s no telling how much more they can accomplish in the same amount of time.  Try Smartsheet for free, today.

Any articles, templates, or information provided by Smartsheet on the website are for reference only. While we strive to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability, or availability with respect to the website or the information, articles, templates, or related graphics contained on the website. Any reliance you place on such information is therefore strictly at your own risk.


Triangulating risk profile and risk assessment: a case study of implementing enterprise risk management system.


1. Introduction
2. Background on the Firm
3. ERM Literature Review
4. Sample and Questionnaire Data
5. Risk Profile and Risk Assessment
6. Mitigation Strategies
7. Conclusions
8. Case Requirements

  • Using the average coded responses to selected questions in each of the five risk areas in Table 7, provide a 500-word summary of the firm’s risk profile.
  • Complete the risk matrix in Table A1, below, by using the input measures from Table 8: average of likelihood, impact on annual revenue growth, and level of control, along with variance of the expected impact and average control.
  • Rank the ten risk categories by (i) their expected impact, (ii) an equally weighted index of expected impact and average control, and (iii) an equally weighted index of three indices: expected impact, opinion convergence on expected impact, and opinion convergence on control.
  • Create an equally weighted consolidated ranking of the above three rankings and re-rank the ten risk categories.
  • Develop a risk map of all ten risks identified for the firm.
  • Using the input in Table 1, the questionnaire results, and quantitative risk metrics in Table 7 and Table 8, along with the discussion on key sources and drivers of risk in Section 6, propose mitigation strategies for the top six risks selected by the board.

Author Contributions
Data Availability Statement
Conflicts of Interest
Appendix A. Instructor’s Notes
Appendix A.1. Background and Introduction
Appendix A.2. Case Requirements: Implementation

Risk Category | Average Expected Impact | Opinion Convergence (Expected Impact) | Opinion Convergence (Control)
Strategic Risk | | |
Innovation Risk | | |
Information and Security Risk | | |
Geopolitical Risk | | |
Financial Risk | | |
Regulatory and Legal Risk | | |
Operational Risk | | |
Credit and Product Risk | | |
Human Resources Risk | | |
Reputation Risk | | |
Risk Category | Average Probability | Average Expected Impact | Average Control | Opinion Convergence (Expected Impact) | Opinion Convergence (Control)
Strategic Risk | 46.46% | −0.16 | 4.23 | 0.71 | 0.1313
Innovation Risk | 54.26% | −0.15 | 4.30 | 0.4 | 0.1271
Information and Security Risk | 61.67% | −0.14 | 4.00 | 0.74 | 0.1428
Geopolitical Risk | 51.30% | −0.15 | 3.95 | 0.63 | 0.1427
Financial Risk | 48.10% | −0.17 | 4.05 | 0.28 | 0.1042
Regulatory and Legal Risk | 45.56% | −0.14 | 3.95 | 0.22 | 0.1227
Operational Risk | 44.81% | −0.16 | 3.76 | 0.36 | 0.0949
Credit and Product Risk | 57.14% | −0.19 | 3.76 | 0.51 | 0.1282
Human Resources Risk | 53.33% | −0.15 | 3.65 | 0.3 | 0.1185
Reputation Risk | 42.08% | −0.16 | 3.35 | 0.6 | 0.1282
Risk Category | Rank (1) | Rank (2) | Rank (3) | Consolidated Ranking
Strategic Risk | 3 | 5 | 7 | 6
Innovation Risk | 4 | 6 | 5 | 6
Information and Security Risk | 5 | 5 | 9 | 7
Geopolitical Risk | 4 | 3 | 8 | 6
Financial Risk | 2 | 3 | 1 | 1
Regulatory and Legal Risk | 5 | 4 | 3 | 5
Operational Risk | 3 | 2 | 2 | 2
Credit and Product Risk | 1 | 1 | 4 | 1
Human Resources Risk | 4 | 2 | 3 | 3
Reputation Risk | 3 | 1 | 6 | 4
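The ranking exercise in the case requirements (rankings (i) to (iii) and the consolidated re-ranking) can be reproduced from the five input measures in the table of average probability, expected impact, control and opinion convergence above. The following Python is an added worked example, not code from the case study or its authors. It assumes that an "equally weighted index" means the average of each component's dense rank (ties share a rank, and the next distinct value takes the next integer); that interpretation is an assumption made here, adopted because it reproduces every column of the ranking table on the page. The input values are copied from the page; the function and variable names are mine.

```python
"""Equally weighted rank indices for the ten risk categories.

Added example, not the case study's own code. The rank-averaging reading of
"equally weighted index" is an assumption; it reproduces the ranking table on
the page exactly.
"""
from fractions import Fraction

# Inputs copied from the page's input table: (category, average probability,
# average expected impact, average control, opinion convergence on expected
# impact, opinion convergence on control). Probability is carried along for
# completeness but is not used by the rankings reproduced here.
RISK_INPUTS = [
    ("Strategic Risk",                0.4646, -0.16, 4.23, 0.71, 0.1313),
    ("Innovation Risk",               0.5426, -0.15, 4.30, 0.40, 0.1271),
    ("Information and Security Risk", 0.6167, -0.14, 4.00, 0.74, 0.1428),
    ("Geopolitical Risk",             0.5130, -0.15, 3.95, 0.63, 0.1427),
    ("Financial Risk",                0.4810, -0.17, 4.05, 0.28, 0.1042),
    ("Regulatory and Legal Risk",     0.4556, -0.14, 3.95, 0.22, 0.1227),
    ("Operational Risk",              0.4481, -0.16, 3.76, 0.36, 0.0949),
    ("Credit and Product Risk",       0.5714, -0.19, 3.76, 0.51, 0.1282),
    ("Human Resources Risk",          0.5333, -0.15, 3.65, 0.30, 0.1185),
    ("Reputation Risk",               0.4208, -0.16, 3.35, 0.60, 0.1282),
]


def dense_rank(values):
    """Dense rank with the smallest value first: ties share a rank and the next
    distinct value gets the next integer (e.g. 1, 1, 2, 3, 3)."""
    ordered = sorted(set(values))
    return [ordered.index(v) + 1 for v in values]


def index_rank(*component_ranks):
    """Rank categories by the equally weighted average of their component ranks.
    Averages that tie share a rank, which is why the consolidated column on the
    page contains repeated ranks and skips no integers."""
    averages = [Fraction(sum(ranks), len(ranks)) for ranks in zip(*component_ranks)]
    return dense_rank(averages)


def rank_risks(rows=RISK_INPUTS):
    """Return {category: (rank_1, rank_2, rank_3, consolidated)}."""
    names = [r[0] for r in rows]
    # Component ranks. A more negative expected impact is a bigger loss, so
    # ascending order puts the worst impact at rank 1. Lower average control
    # means a weaker mitigation, so it ranks first as well. The two opinion
    # convergence measures are treated as spreads: a smaller value (more
    # agreement among respondents) ranks first, which is the direction that
    # reproduces the page's Rank (3) column.
    impact = dense_rank([r[2] for r in rows])
    control = dense_rank([r[3] for r in rows])
    conv_impact = dense_rank([r[4] for r in rows])
    conv_control = dense_rank([r[5] for r in rows])

    rank_1 = impact                                         # (i) expected impact alone
    rank_2 = index_rank(impact, control)                    # (ii) impact and control
    rank_3 = index_rank(impact, conv_impact, conv_control)  # (iii) impact and both convergence measures
    consolidated = index_rank(rank_1, rank_2, rank_3)       # equally weighted re-ranking of (i)-(iii)
    return {n: (a, b, c, d)
            for n, a, b, c, d in zip(names, rank_1, rank_2, rank_3, consolidated)}


def ordered_by_consolidated_rank(rows=RISK_INPUTS):
    """Category names from highest to lowest priority by consolidated rank,
    with rank (1) breaking ties."""
    ranked = rank_risks(rows)
    return sorted(ranked, key=lambda name: (ranked[name][3], ranked[name][0]))


if __name__ == "__main__":
    for name, (r1, r2, r3, cons) in rank_risks().items():
        print(f"{name:<32} rank(1)={r1} rank(2)={r2} rank(3)={r3} consolidated={cons}")
    print("Ordered by consolidated rank:", ordered_by_consolidated_rank())
```

Running the block prints the four ranks per category, matching the ranking table above row for row. Note that the six categories given mitigation strategies in the table that follows (Strategic, Innovation, Informational and Security, Geopolitical, Financial, Regulatory) are not the six that lead the consolidated ordering; the page states that the board selected the top six but does not say how its selection relates to the computed ranking.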
Risk Categories | Key Drivers of Risks | Mitigation Strategies
Strategic | | Developed a new 5-year, 2017–2022, strategic plan establishing more clearly the firm’s mission and vision, creating strategies and tactics aligning the firm’s operational, financial, risk management, and marketing/communication goals. Created a stand-alone risk committee as a sub-committee of the board. Provided regular progress reports to the board on realizing the goals of the plan. Used risk-adjusted criteria to assess the valuation implications of new projects. Produced quarterly global economic and environmental scans to review the plan’s goals and strategies, recommending possible changes.
Innovation | | Established a portfolio approach whereby the financial and human resources are allocated strategically and optimally to enhance innovation in core offerings, adjacent opportunities, and, particularly, transformational territories achieved through geographic diversification. Promoted a more effective dialog between staff, senior executives, and the board on new initiatives. Incentivized staff to experiment with new ideas. Aligned the R&D budget with best practices by comparable entities. Used risk-adjusted approaches to measure the value proposal of R&D projects.
Informational and Security | | Hired a Chief Informational Officer (CIO) who was responsible for developing and executing policies to manage the global network of information. Key steps included the synchronization and consolidation of email platforms, launching software and hardware for document management, establishing effective patches to detect and defuse cyber-attacks, and aligning information technology policies with strategic planning.
Geopolitical | | Incorporated country risk analysis information regularly published by the International Monetary Fund (IMF) and the World Bank (WB) to better assess geographic risks and their implications for ongoing and new initiatives. Established quarterly country-based reports from foreign field offices. Secured a global insurance contract against losses occurring from travel bans, visa restrictions, kidnappings, and nationalizations.
Financial | | Systematically shifted revenue sources, such that the contribution of non-governmental projects would increase to 30% from its existing level of 5% of annual revenues in 5 years. Planned to increase liquidity ratios by 30% over 5 years. Established quarterly revenue scenario exercises to stress test the financial health of the firm. Implemented an optimal currency model to manage the FX risk of foreign revenues. Developed and implemented risk-adjusted valuation approaches related to R&D investments.
Regulatory | | Reported and regularly updated U.S. Federal/State- and country-specific compliance measures. Established quarterly country-based regulatory reports from foreign field offices. Secured a global insurance contract to cover the losses due to third-party liability.
4 ( ) for an approach to estimating the cost of capital for privately held firms.
Revenues | 2017 | 2016 | 2015 | 2015–2017 Change
Government Grant | 275.0614 | 295.4502 | 313.2000 | −12.18%
Non-Government Grant | 22.0650 | 23.6250 | 25.0000 | −11.74%
Tuitions | 92.1876 | 98.7053 | 104.4500 | −11.74%
Administrative Fees | 41.9235 | 44.8875 | 47.5000 | −11.74%
Fund Raising | 1.8700 | 2.2500 | 2.7500 | −32.00%
Investment Income | 3.2500 | 2.2900 | 1.5000 | 116.67%
Other Income | 4.9426 | 5.2920 | 5.6000 | −11.74%
Total Revenues | 441.3000 | 472.5000 | 500.0000 | −11.74%

Expenses | 2017 | 2016 | 2015 | 2015–2017 Change
Student Exchanges | 143.0067 | 147.2570 | 156.8825 | −8.84%
Program Expenses | 153.1890 | 169.8350 | 170.8000 | −10.31%
Salary and Pension | 88.6176 | 92.2720 | 98.2000 | −9.76%
Depreciation and Amortization | 2.2654 | 2.2700 | 2.3846 | −5.00%
Repair and Maintenance | 1.2180 | 1.3100 | 1.4329 | −15.00%
Transportation | 33.1757 | 37.2810 | 43.3500 | −23.47%
Taxes | 1.1900 | 1.3000 | 1.2000 | −0.83%
Miscellaneous Expenses | 5.9378 | 6.5250 | 8.7500 | −32.14%
Total Expenses | 428.600 | 458.050 | 483.000 | −11.26%
Net Surplus (Deficit) | 12.7000 | 14.4500 | 17.0000 | −25.29%
Sample of Risk Owners: Identify a representative and diverse group of functional risk owners (managers/executives in field offices with major P/L responsibilities), senior executives, and board members.
Education: Develop and deliver a short educational module for the sample group to create a uniform level of understanding on the dynamics and application of ERM.
Questionnaire: Administer and analyze a focused questionnaire covering multiple risk management areas including risk culture, risk recognition, risk organization, risk governance, risk control, and risk measurement.
Synthesis and Risk Assessment: Synthesize and compile the results obtained from the questionnaire. Develop a detailed multidimensional risk table identifying and prioritizing the existing and potential risks.
Mitigation: Develop mitigation strategies for the top risks.
Review: Review and assess, on an ongoing basis, the effectiveness of the proposed risk management system.
Risk Areas | Definition
Risk Culture | The questions in this segment are designed to elucidate the interplay between the organization’s strategy, goals, decision-making processes, risk appetite, and risk management philosophy.
Risk Governance | The questions in this segment focus on the board structure, processes, and levels, and the effectiveness of the board’s involvement, knowledge, and transparency in devising strategies to carry out risk management decisions.
Risk Organization | This section focuses on the administrative and operational nature of capturing, communicating, reporting, monitoring, and compliance related to risk management actions.
Risk Recognition | This segment is designed to elucidate the organization’s ability to identify risks, distinguish risks from opportunities, recognize risk metrics, and increase awareness of fraudulent activities.
Risk Control | The questions in this segment have been designed to gauge the firm’s level of existing control regarding overall risk exposure.
Risk Assessment | Devise and implement consistent multi-dimensional risk indices, which are used to assess and prioritize potential categories of risks.
Maturity (Level) | Maturity-Level Characteristics
Ad hoc (1) | This implies an extremely primitive level of ERM maturity, where risk management typically depends on the actions of specific individuals, with improvised procedures and poorly understood processes.
Initial (2) | Risk is managed in silos, with little integration or risk aggregation. Processes typically lack discipline and rigor. Risk definitions often vary across the silos.
Repeatable (3) | A risk assessment framework is generally in place, with the Board of Directors being provided with risk overviews. Approaches to risk management are established and repeatable.
Managed (4) | Enterprise-wide risk management activities, such as monitoring, measurement, and reporting, are integrated and harmonized, with measures and controls established.
Leadership (5) | Risk-based discussions are embedded at a strategic level, such as long-term planning, capital allocation, and decision-making. Risk appetite and tolerances are clearly understood, with alerts in place to ensure that the board of directors and the executive management are made aware when risk thresholds are exceeded.
Operational Risk: Risks resulting from inadequate or failed procedures, systems, processes, or policies. It includes employee errors, business interruptions, fraud or other criminal activity, equipment failure, logistical bottlenecks, third-party liability, employee safety, timeliness, and accuracy.
Financial and Market Risk: Risks resulting from a shortfall in revenues and/or cost escalation, accumulated losses, diminished liquidity, problems in meeting financial obligations, diminished credit rating, forecasting and valuation errors, audit problems, portfolio losses, and poor hedging against market volatility (interest rates, exchange rates, and stock prices).
Regulatory and Legal Risk: Risks resulting from lawsuits and unpredictable changes in the local and global regulatory environment and from noncompliance with statutory and accreditation rules.
Strategic Risk: Risks resulting from poor articulation and communication of goals and strategies, misalignment of the strategic plan and corporate governance, an uninformed board, and a lack of established and effective review processes.
Human Resources Risk: Risks resulting from problems in employee recruitment and retention, low labor productivity, and a sub-optimal compensation system.
Innovation Risk: Risks resulting from inertia in identifying and implementing new products and services in local and foreign markets in response to political, macroeconomic, and market changes.
Geopolitical Risk: Risks resulting from political changes, sanctions, travel bans, economic and political retaliation, and the nationalization of foreign assets and establishments.
Credit Risk: Risks resulting from competition, economic slowdown/slow recovery, supply chain disruption, embargoes, customer attrition, changes in customers’ expectations and demand, and changes in customers’ financial capacity.
Informational/Security Risk: Risks resulting from cyber security attacks and hacking, using outdated and inefficient information systems (technology obsolescence), and communication system failure.
Reputation Risk: Risks resulting from a decline in or lack of brand and image, the loss of customers’ trust, negative publicity, recruitment challenges, and fundraising problems.
Very Low | p < 0.15
Low | 0.15 < p < 0.3
Medium | 0.3 < p < 0.5
High | 0.5 < p < 0.75
Very high | p > 0.75

Ad hoc | Initial | Repeatable | Managed | Leadership

Very Negative | −50% < G < −25%
Negative | −25% < G < 0%
Neutral | 0%
Positive | 0% < G < 40%
Very Positive | G > 40%
Risk Areas | Average Score | Sectional Average
Risk Culture
Overall, is the firm willing to take any magnitude of risk in order to achieve strategic objectives? | 2.37 | 2.70
How are the critical competencies of the firm structured, in a range from “Operational” to “Entrepreneurial”? | 2.61
How do you describe the reward structure of the company, in a range from “Margins and Productivity” to “Milestones and Growth”? | 2.63
Is the organizational culture “Efficiency, Low Risk, Quality, Customers”, “Risk Taking, Speed, Flexibility, and Experimentation”, or somewhere in between? | 2.98
Rate the leadership role from being “Authoritative and Top Down” to “Visionary and Involved”. | 2.77
How would you rank the strategic and related objectives defined by the organization, in a range from “Unclear and Unfocused” to “Planned and Transparent”? | 2.82
Based on the reflection above, rate the firm’s overall risk management culture. | 2.75
Risk Recognition
What type of forces, internal and external, impact the risk management culture described above, in a range from “Entirely Internal” to “Entirely External”? | 2.85 | 2.85
Rate the organization’s ability to distinguish risk vs. opportunity. | 2.19
What are the most relevant assessment metrics for quantifying significant measurable risks and incorporating them into the decision-making process, in a range from “Entirely Qualitative” to “Entirely Quantitative”? | 3.05
How susceptible is the firm to fraud? Which areas are most susceptible to the same? | 3.45
Based on the reflection above, rate your department’s overall risk recognition capabilities. | 2.69
Risk Organization
How effective is the organization in capturing risk information and communicating it to various constituencies (government, donors, clients, staff, and the board)? | 1.82 | 2.70
Do communication barriers exist within the organization when addressing risk? | 3.42
How often do you think the senior management involves the board and staff during the strategy-setting process, including when making decisions to accept or reject risk factors? | 2.93
Rate the activities of writing down, prioritizing, and disseminating risk. | 3.56
Rate the risk monitoring and reporting system within the organization. | 2.36
Based on the reflection above, rate the firm’s risk management organizational capacity. | 2.12
Risk Governance
Rate the board’s understanding of the organization’s priority risks and how those risks should be addressed. | 2.37 | 2.47
How much do the senior executives involve the board in the assessment of strategic risks? | 3.07
Rate the frequency with which the company revisits its risk assessment to determine whether the circumstances and conditions have changed or whether there are new emerging risks. | 2.56
How confident are you about the organization not taking significant risks without the board’s knowledge? | 1.79
How effective do you consider the organization’s risk management culture and governance functioning to be? | 2.73
Based on the reflection above, rate the alignment between risk management and governance at the firm. | 2.32
Risk Control
How well-defined are the risk management goals in terms of ongoing strategic activities, in a range from “Unclear and Unfocused” to “Planned and Transparent”? | 3.12 | 3.10
How do you rate the quality, reliability, and relevance of the risk reporting? | 2.76
How effective are the ongoing monitoring activities (e.g., compliance monitoring, risk management group, board monitoring, etc.)? | 2.93
Rate the risk measuring methodology adopted by the firm when each risk is measured, on an individual level. | 3.20
Rate the risk measuring methodology adopted by the firm when each risk is measured, on an enterprise level. | 2.09
Does the company have a rising learning curve with regard to its risk assessment and management process? | 4.47
Risk Category | Average Probability | Average Impact | Average Control | Variance (Expected Impact) | Variance (Control)
Strategic Risk | 46.46% | −0.3444 | 4.23 | 0.0129 | 0.3085
Innovation Risk | 54.26% | −0.2764 | 4.30 | 0.0036 | 0.2987
Information and Security Risk | 61.67% | −0.2270 | 4.00 | 0.0107 | 0.3263
Geopolitical Risk | 51.30% | −0.2924 | 3.95 | 0.0089 | 0.3177
Financial Risk | 48.10% | −0.3534 | 4.05 | 0.0023 | 0.1781
Credit and Product Risk | 57.14% | −0.3325 | 3.76 | 0.0094 | 0.2324
Operational Risk | 44.81% | −0.3571 | 3.76 | 0.0057 | 0.1273
Regulatory and Legal Risk | 45.56% | −0.3073 | 3.95 | 0.0009 | 0.2349
Human Resources Risk | 53.33% | −0.2813 | 3.65 | 0.0020 | 0.1871
Reputation Risk | 42.08% | −0.3802 | 3.35 | 0.0092 | 0.1844

Share and Cite

Jalilvand, A.; Moorthy, S. Triangulating Risk Profile and Risk Assessment: A Case Study of Implementing Enterprise Risk Management System. J. Risk Financial Manag. 2023 , 16 , 473. https://doi.org/10.3390/jrfm16110473



Implementing Enterprise Risk Management: Case Studies and Best Practices


  • Foreword (p. xiii)
  • 1 Enterprise Risk Management Case Studies: An Introduction and Overview, John R.S. Fraser, Betty J. Simkins, and Kristina Narvaez (p. 1)
  • PART I Overview and Insights for Teaching ERM (p. 17)
  • 2 An Innovative Method to Teaching Enterprise Risk Management: A Learner-Centered Teaching Approach, David R. Lange and Betty J. Simkins (p. 19)
  • PART II ERM Implementation at Leading Organizations (p. 37)
  • 3 ERM at Mars, Incorporated: ERM for Strategy and Operations, Larry Warner (p. 39)
  • 4 Value and Risk: Enterprise Risk Management at Statoil, Alf Alviniussen and Håkan Jankensgård (p. 59)
  • 5 ERM in Practice at the University of California Health System, Grace Crickette (p. 75)
  • 6 Strategic Risk Management at the LEGO Group: Integrating Strategy and Risk Management, Mark L. Frigo and Hans Læssøe (p. 93)
  • 7 Turning the Organizational Pyramid Upside Down: Ten Years of Evolution in Enterprise Risk Management at United Grain Growers, John Bugalla (p. 107)
  • 8 Housing Association Case Study of ERM in a Changing Marketplace, John Hargreaves (p. 119)
  • 9 Lessons from the Academy: ERM Implementation in the University Setting, Anne E. Lundquist (p. 143)
  • 10 Developing Accountability in Risk Management: The British Columbia Lottery Corporation Case Study, Jacquetta C. M. Goy (p. 179)
  • 11 Starting from Scratch: The Evolution of ERM at the Workers Compensation Fund, Dan M. Hair (p. 207)
  • 12 Measuring Performance at Intuit: A Value-Added Component in ERM Programs, Janet Nasburg (p. 227)
  • 13 TD Bank's Approach to an Enterprise Risk Management Program, Paul Cunha and Kristina Narvaez (p. 241)
  • PART III Linking ERM to Strategy and Strategic Risk Management (p. 251)
  • 14 A Strategic Approach to Enterprise Risk Management at Zurich Insurance Group, Linda Conrad and Kristina Narvaez (p. 253)
  • 15 Embedding ERM into Strategic Planning at the City of Edmonton, Ken Baker (p. 281)
  • 16 Leveraging ERM to Practice Strategic Risk Management, John Bugalla and James Kallman (p. 305)
  • PART IV Specialized Aspects of Risk Management (p. 319)
  • 17 Developing a Strategic Risk Plan for the Hope City Police Service, Andrew Graham (p. 321)
  • 18 BlueWood Chocolates, Stephen McPhie and Rick Nason (p. 335)
  • 19 Kilgore Custom Milling, Rick Nason and Stephen McPhie (p. 363)
  • 20 Implementing Risk Management within Middle Eastern Oil and Gas Companies, Alexander Larsen (p. 377)
  • 21 The Role of Root Cause Analysis in Public Safety ERM Programs, Andrew Bent (p. 397)
  • 22 JAA Inc. A Case Study in Creating Value from Uncertainty: Best Practices in Managing Risk, Julian du Plessis, Arnold Schanfield, and Alpaslan Menevse (p. 427)
  • 23 Control Complacency: Rogue Trading at Société Générale, Steve Lindo (p. 461)
  • 24 The Role of VaR in Enterprise Risk Management: Calculating Value at Risk for Portfolios Held by the Vane Mallory Investment Bank, Allissa A. Lee and Betty J. Simkins (p. 489)
  • 25 Uses of Efficient Frontier Analysis in Strategic Risk Management: A Technical Examination, Ward Ching and Loren Nickel (p. 501)
  • PART V Mini-Cases on ERM and Risk (p. 523)
  • 26 Bim Consultants Inc., John R.S. Fraser (p. 525)
  • 27 Nerds Galore, Rob Quail (p. 529)
  • 28 The Reluctant General Counsel, Norman D. Marks (p. 535)
  • 29 Transforming Risk Management at Akawini Copper, Grant Purdy (p. 539)
  • 30 Alleged Corruption at Chessfield: Corporate Governance and the Risk Oversight Role of the Board of Directors, Richard Leblanc (p. 547)
  • 31 Operational Risk Management Case Study: Bon Boulangerie, Diana Del Bel Belluz (p. 555)
  • PART VI Other Case Studies (p. 559)
  • 32 Constructive Dialogue and ERM: Lessons from the Financial Crisis, Thomas H. Stanton (p. 561)
  • 33 Challenges and Obstacles of ERM Implementation in Poland, Zbigniew Krysiak and Sławomir Pijanowski (p. 577)
  • 34 Turning Crisis into Opportunity: Building an ERM Program at General Motors, Marc S. Robinson, Lisa M. Smith, and Brian D. Thelen (p. 607)
  • 35 ERM at Malaysia's Media Company Astro: Quickly Implementing ERM and Using It to Assess the Risk-Adjusted Performance of a Portfolio of Acquired Foreign Companies, Patrick Adam K. Abdullah and Ghislain Giroux Dufort (p. 623)
  • About the Editors (p. 649)
  • Index (p. 651)
  • (source: Nielsen Book Data)



Enterprise Risk Management

Integrating with Strategy and Performance

In keeping with its overall mission, the COSO Board commissioned and published in 2004 the Enterprise Risk Management—Integrated Framework. Over the past decade, that publication has gained broad acceptance by organizations in their efforts to manage risk. However, also through that period, the complexity of risk has changed, new risks have emerged, and both boards and executives have enhanced their awareness and oversight of enterprise risk management while asking for improved risk reporting. This update to the 2004 publication addresses the evolution of enterprise risk management and the need for organizations to improve their approach to managing risk to meet the demands of an evolving business environment. The updated document, titled Enterprise Risk Management—Integrating with Strategy and Performance, highlights the importance of considering risk in both the strategy-setting process and in driving performance.

COSO issued a supplement with detailed examples for applying principles from the ERM Framework to day-to-day practices. This supplement, titled COSO Enterprise Risk Management - Integrating with Strategy and Performance: Compendium of Examples, was developed from industry practices identified through extensive research conducted when updating the Framework. Each example focuses on specific components covered in the Framework.

Written as a collection of case studies, the Compendium offers real-world advice about how to put the ERM Framework to use. Each case describes how a specific entity scaled and adapted the principles, and sets out a relationship between an organization’s mission, vision, and core values; its strategic goals and directions; and approaches used in carrying out its strategy.

University Professor/Student Discounts

For information on discounts available to qualified university professors and their students, please contact Joanna Dabrowska.

Integrating with Strategy and Performance: Compendium of Examples


The Business Case for Enterprise Risk Management


While it may be easy enough for risk professionals to appreciate the benefits that ERM can bring in driving robust risk management processes within an organization, it may be trickier to put the case for ERM investment to senior management, boards, or business owners. If you’re tasked with justifying ERM as a business performance driver, with a view to implementing an ERM solution, here are some key considerations that might just help to strengthen your case:

  • Get people thinking about business risks and their implications

The risk landscape is constantly evolving and traditional approaches to risk management lack the agility to adapt to unforeseen or emerging risks. What type of risks affects or could affect the business and what would happen if these risks aren’t managed? Questions around the impact of the current economic environment and legislative changes on the business, how the business is performing compared to its key competitors, and what events could damage the business’ reputation or market position will help you to articulate the value of ERM.

  • Do your homework – prepare a comprehensive ‘argument’ for ERM

With senior-management buy-in in mind, it can be worthwhile to set out and explain exactly what modern enterprise-wide risk management is. Rather than presenting a complex ERM model and methodology, provide a clear outline of why it is necessary, the business objectives it can address, and the value propositions for the respective stakeholders and decision-makers.

What exactly can be achieved by raising the profile of risk management and implementing an ERM approach within your organization? Business objectives may include:

  • Encouraging a risk-aware culture
  • The ability to identify and effectively treat risks that can be detrimental, whilst identifying and seizing opportunities as they arise
  • Building a center of excellence for risk management
  • Standardizing risk evaluation
  • Embedding risk management within strategic decision-making, business planning, and day-to-day activity

  • ERM – persistence pays off

Through your own research and/or prior experience, you will likely appreciate that effective risk management can help reduce operational surprises and mitigate losses, improve awareness of risks and enhance internal controls, promote a ‘healthy’ risk culture and ensure an aligned, consistent approach across the organization. But how do you get leadership buy-in?

“We must consistently, convincingly, and relentlessly articulate the value of ERM. We must lead by example, ensuring the needs of the business come first,” emphasizes Sam Elwell in ‘Making the Investment Case for ERM’, published in Enterprise Risk, the official magazine of the Institute of Risk Management. “To get from a blank slate to an effective and trusted ERM function, one word springs to mind – persistence.”

Key ERM Benefits at-a-glance:

  • The ability to balance risk versus reward – some risks pose opportunities
  • Improved shareholder value and governance
  • Maximized scope for business success
  • Reduced operational losses and costs
  • Aligned risk appetite, tolerance, and strategy
  • Optimized resource allocation based on prioritized risks
  • Enhanced decision-making
  • Improved risk awareness and better risk responses
  • Develop risk policies, processes, and procedures

In putting the case for ERM, it may be useful to scope out the roles and responsibilities of each party involved in risk management within your organization. Depending on the scale and nature of the enterprise, they may include business owners or board members, audit and risk functions, senior management, risk owners, and in some organizations, depending on risk culture, all employees.

Some may find it beneficial to promote a center of excellence for risk management – a risk management function dedicated to devising and enforcing risk management policies and procedures for the organization. A team who will co-ordinate, review and consolidate risk reporting, whilst monitoring the approach to risk management and its effectiveness.

It may also be useful to define and share your organization’s risk appetite statement, risk tolerance limits, criteria for risk assessment and prioritization, plus risk identification, analysis, reporting, and monitoring procedures.

  • Use case studies to strengthen your case

Perhaps you can use the experiences of other organizations within your sector to demonstrate the value of ERM? Or, as Elwell suggests, you could create your own case study: “Select a risk with upside potential… Pick sensibly. You need to deliver tangible, positive outcomes. Use risk appetite as a green light, not a red. Focus attention on a small set of critical KRIs and KPIs which affect strategic objectives. Block out background noise and focus the business on what the business wants.

“Before you know it you have created your own case study where ERM has delivered tangible value, quickly, with little investment. The case study involves your business and better still, you. Leadership sees ERM in a positive light and trusts you to deliver value. You secure the investment in technology and talent and can expand your approach across the full risk profile.”

  • Countering cost objections

If your end-game is to get leadership buy-in to ERM software investment, be prepared to justify your position. Try to calculate the true costs of common risks to your business, factoring in where possible issues such as downtime, work missed, legal expenses, mitigation costs. How disruptive and costly would a major incident be, for instance?

Quantifying the cost of risks is difficult, but a cost/benefit analysis can aid decision-making. Ultimately, if the value of reducing the frequency of events and the impact (cost) of those that do occur is greater than the cost of investing in the software itself, then the case is clearer still.

More homework – consider the ERM software solutions available on the marketplace that best suit your business requirements. Be ready to detail how they will be able to solve your risk, governance, and compliance challenges, save on time and resources, and address current administrative pain points.

Time-to-value is always important, so perhaps also think about cloud rather than on-premises deployment, so you can be up and running with ERM software sooner, benefiting from the functionality and attaining ROI earlier.

Best-in-class ERM software

Sophisticated technology underpins ERM and supports business performance.

If you are keen to discover how ERM software can drive business performance within your organization, learn more about the technology behind leading-edge risk management, Project Risk Manager.


Implementing Enterprise Risk Management: Case Studies and Best Practices

  • J. Fraser , Betty Simkins , Kristina Narvaez
  • Published 9 October 2014


Book description

Overcome ERM implementation challenges by taking cues from leading global organizations

Implementing Enterprise Risk Management is a practical guide to establishing an effective ERM system by applying best practices at a granular level. Case studies of leading organizations including Mars, Statoil, LEGO, British Columbia Lottery Corporation, and Astro illustrate the real-world implementation of ERM on a macro level, while also addressing how ERM informs the response to specific incidents. Readers will learn how top companies are effectively constructing ERM systems to positively drive financial growth and manage operational and outside risk factors. By addressing the challenges of adopting ERM in large organizations with different functioning silos and well-established processes, this guide provides expert insight into fitting the new framework into cultures resistant to change.

Enterprise risk management covers accidental losses as well as financial, strategic, operational, and other risks. Recent economic and financial market volatility has fueled a heightened interest in ERM, and regulators and investors have begun to scrutinize companies' risk-management policies and procedures. Implementing Enterprise Risk Management provides clear, demonstrative instruction on establishing a strong, effective system. Readers will learn to:

Put the right people in the right places to build a strong ERM framework

Establish an ERM system in the face of cultural, logistical, and historical challenges

Create a common language and reporting system for communicating key risk indicators

Create a risk-aware culture without discouraging beneficial risk-taking behaviors

ERM is a complex endeavor, requiring expert planning, organization, and leadership, with the goal of steering a company's activities in a direction that minimizes the effects of risk on financial value and performance. Corporate boards are increasingly required to review and report on the adequacy of ERM in the organizations they administer, and Implementing Enterprise Risk Management offers operative guidance for creating a program that will pass muster.

Table of contents

  • The Evolution of Enterprise Risk Management
  • Why the Need for a Book with ERM Case Studies?
  • Summary of the Book Chapters
  • Part I: Overview and Insights for Teaching ERM
  • Part II: ERM Implementation at Leading Organizations
  • Part III: Linking ERM to Strategy and Strategic Risk Management
  • Part IV: Specialized Aspects of Risk Management
  • Part V: Mini-Cases on ERM and Risk
  • Part VI: Other Case Studies
  • About the Editors
  • Learner-Centered Teaching: The WHY
  • Five Key Changes to Practice the WHAT
  • Appendix: LCT ERM Examples from the HOW
  • About the Contributors
  • Mars' ERM History
  • Phase 2—Success
  • Global Rollout
  • 2007 Operating Plan Workshops
  • Aggregation
  • Template Evolution
  • Special Situations
  • Major Acquisition
  • About the Contributor
  • ERM at Statoil: A Brief History
  • ERM Foundations
  • ERM Processes in Statoil Today
  • Optimizing Total Risk
  • Total Risk Optimization: Lessons Learned
  • Risk Aggregation
  • The Frontiers
  • The Enterprise Risk Management Program
  • Premium Rebate Program
  • ERM and the Center for Health Quality and Innovation
  • Protected Health Information Value Estimator (PHIve)
  • About the LEGO Group
  • The LEGO Group Strategy
  • LEGO Strategic Risk Management
  • Enterprise Risk Management (Step 1)
  • Monte Carlo Simulation (Step 2)
  • AROP: Active Risk Assessment of Business Projects (Step 3)
  • Preparing for Uncertainty: Defining and Testing Strategies (Step 4)
  • The PAPA Model
  • Strategic Risk Management Return on Investment
  • Background—Operating Environment
  • ERM Credit Financing Outcomes
  • Agricore United
  • Harvesting Value
  • Acknowledgments
  • Sector Issues
  • Charitable Status
  • Some Useful Methodology
  • Four Associations
  • Association A: London & Quadrant
  • Association B: RCT Homes
  • Association C: Ability Housing Association
  • Association D: GreenSquare
  • The Higher Education Environment
  • Emergence of ERM in Higher Education
  • Adopting and Implementing ERM in Colleges and Universities
  • The University of Washington: A Journey of Discovery
  • Evolution of ERM at UW
  • ERM Structure at UW
  • UW's ERM Model
  • Outcomes and Lessons Learned
  • What Next?: Current Priorities and Future Direction
  • The Beginnings of the Risk Management Journey
  • Learning from the First ERM Initiative
  • Restarting the Program—2006–2008
  • Key Steps in the Development of the ERM Program
  • Revitalizing the ERM Program—2009–2010
  • Strengthening the Program—2010–2013
  • Building the Risk Profile
  • The Role of Risk Managers, Champions, and Committees
  • Developing a More Sophisticated Approach to Risk Analysis and Evaluation
  • Toward ERM Program Initiation
  • Initial Actions
  • Maturing: Years 1 and 2
  • Intuit's ERM Journey
  • ERM Maturity Model
  • Benefits of Measuring Performance in ERM Programs
  • ERM Performance Measurement and Reporting at Intuit
  • Enterprise Risk Management at Zurich
  • Zurich Group's Enterprise Risk Management Framework
  • Role of the Chief Risk Officer and Group Risk Management at Zurich
  • Working with External Stakeholders
  • Zurich's Proprietary Tools Used in ERM Framework
  • Categorizing Various Risks at Zurich
  • Capital Management
  • Zurich's Business Resilience Tools
  • How Zurich Uses Its ERM Tools to Create New Value
  • Context—City of Edmonton
  • ERM Development in the Past
  • Current Overall ERM Development
  • Links to Strategic Plan and to Other Strategic Tools
  • Selecting and Testing a Strategic Risk Management Model
  • Selecting an ERM Framework
  • Recommended Strategic ERM Model
  • Lessons Learned
  • Appendix: Summary of THE WAY AHEAD, Edmonton's Strategic Plan
  • ERM: A Reexamination of Purpose
  • Regulatory Environment
  • Leveraging ERM to Practice Strategic Risk Management
  • Managing and Measuring Value Creation
  • Risk Management Fault Line
  • Additional Tools and Techniques
  • The Context
  • Some Background on the Hope City Police Service
  • What the Consultant Heard
  • Community Views on Police Issues
  • The Company
  • Market Overview
  • Blue Wood Financial Performance
  • Appendix I: Blue Wood Chocolates
  • Appendix II: The Hershey Company
  • Appendix III: Rocky Mountain Chocolate Factory, Inc.
  • Kilgore Custom Milling
  • The Management Team
  • The New Contract
  • The Financial Risk Management Meeting
  • Company Background
  • Organization Culture
  • Local Culture
  • MECO Structure
  • MECO Risk Management Background
  • Risk Management Practices within MECO
  • Corporate Risk Exercise
  • Policing and Risk
  • Five Whys Analysis
  • Cause and Effect Analysis
  • Failure Mode, Effects, and Criticality Analysis
  • Force Field Analysis
  • Influence Diagrams
  • Concept Fans
  • Case Study Example: Tackling Violent Crime
  • The FMECA Process
  • Setting the Context
  • Introduction of ISO 31000 and HB 436 to the Company
  • Appendix A: JAA Inc. Financial Statements
  • Appendix B: Risk Management Policy
  • Part A – Questions
  • Part B – Questions
  • Part One: Kerviel's Trial—A Media Circus
  • Part Two: Outcome and Lessons Learned
  • Risk and Value at Risk Overview
  • Your Task: Calculating Portfolio VAR for Vane Mallory
  • Strategic Risk Management Framework Examined
  • Modern Portfolio Theory as a Foundation for Efficient Frontier Analysis
  • Practical Applications of Risk Measurement for Insurance
  • Sample Case Study
  • Intended Uses for Our Approach
  • Modern Portfolio Concerns Contained in the Framework
  • Consideration of Behavioral Concerns in Structure
  • The Acquisition and Due Diligence
  • The Transformation Process
  • Gaining Senior Management Ownership for Transformation
  • The Transformation Plan
  • Chessfield Inc. and Its Board of Directors
  • Whistle-Blower Complaint
  • Message from the CEO Requesting to Meet the Author
  • Governance Documents, Interviews, and On-Site Observation Requested by the Author
  • CEO Compensation Issue
  • Risk Management
  • Self-Dealing Issue
  • Chessfield Board Meeting to Discuss the Author's Recommendations
  • Two Contentious Recommendations
  • Constructive Dialogue: The Essential Difference between Firms That Navigated the Crisis and Those That Failed
  • Successful Firms: JPMorgan Chase, Goldman Sachs, Wells Fargo, and TD Bank
  • Firms That Failed to Navigate the Crisis
  • JPMorgan Chase after the Crisis: The Perils of Hubris
  • Methodology to Diagnose the Status of ERM Implementation
  • Main Issues in Poland's ERM Implementation
  • Board Perception of ERM: “We Have to Change the Way We Run the Business, Because Lack of ERM Creates Inefficient Management”
  • Who Is Getting Management Buy-In for ERM?
  • Specific Challenges and Obstacles Observed in Risk Management
  • We Have to Build the Chief Risk Officer/Risk Manager Profession from Scratch
  • What Numbers Say about ERM Maturity
  • Risk Management Framework—Accountability
  • Impact of the Risk Assessment Tools on the Performance of the Companies
  • Capital Allocation: A Frequently Missed Part of the ERM Framework and Risk Treatment
  • Background and Implementation
  • General Motors' Approach to Enterprise Risk Management
  • Game Theory
  • Looking Forward
  • Corporate Governance in Malaysia
  • Enterprise Risk Management at Astro
  • Astro Overseas Limited
  • Evolution of ERM at AOL
  • Role of ERM in the Acquisition Process
  • Risk Profile: Risk Map and Action Plans
  • The Investment Performance Dashboard
  • Helping the Board Make Investment Decisions
  • End User License Agreement

Product information

  • Title: Implementing Enterprise Risk Management: Case Studies and Best Practices
  • Author(s): John Fraser, Betty Simkins, Kristina Narvaez
  • Release date: October 2014
  • Publisher(s): Wiley
  • ISBN: 9781118691960


What is Enterprise Risk Management? Definition, Benefits, and How it Works

For better business processes, the ability to identify, manage, and mitigate risks is the key to long-term success. One of the increasingly popular approaches to risk management is Enterprise Risk Management (ERM). So, what is Enterprise Risk Management? ERM is a process used by companies to identify and manage risks that can affect the achievement of their goals.


In this article, we will discuss in full and in detail what Enterprise Risk Management is, its benefits for companies, how it works, and how AdIns’ Business Intelligence application can help companies in implementing ERM.


What is Enterprise Risk Management?

ERM, or Enterprise Risk Management, is an integrated, comprehensive approach to identifying, assessing, and managing risk across an enterprise. ERM differs from traditional risk management approaches that often focus on just one specific area, such as financial or operational risk.

With ERM, companies consider different types of risks—both internal and external—and how the interactions between those risks can impact overall business objectives.

ERM involves all levels of the organization, from top management to front-line employees. This process includes risk identification, risk assessment, risk response, risk monitoring and reporting. With this approach, companies can be more proactive in managing risk, rather than just reactive when the risk has occurred.

Benefits of Enterprise Risk Management for Companies

After understanding what Enterprise Risk Management is, it is important to know what benefits can be obtained by companies that implement it. Here are some of the main benefits of ERM:

1. Increase Risk Awareness Across the Company

With ERM, all employees and management have a better understanding of the risks the company faces. This helps in creating a better risk culture and encourages all parties to be more careful in decision making.

2. Better Decision Making

With more comprehensive information about risks, management can make more informed and strategic decisions. ERM provides a framework for assessing the potential impact of various risks and taking appropriate actions.

3. Improve Operational Efficiency

By proactively identifying and managing risks, companies can reduce operational disruptions. This not only helps in maintaining smooth operations but also saves costs that may arise from unmanaged risks.

4. Improve Regulatory Compliance

Many industries have stringent compliance requirements. ERM helps companies ensure they meet all applicable regulatory requirements, reducing the risk of sanctions and fines.

5. Preserving Company Reputation

Good risk management helps in maintaining the company’s reputation. In the digital era, information spreads quickly and negative events can damage a company’s reputation in a short time. ERM helps companies mitigate reputational risks more effectively.


How Enterprise Risk Management Works

After understanding what Enterprise Risk Management is and its benefits, here is an explanation of how it works. The ERM process generally consists of several main steps, namely:

1. Identify Risks

The first step in ERM is to identify the risks that the company may face. This involves gathering information from a variety of sources, including employee interviews, historical data analysis, and monitoring industry trends.

2. Risk Assessment

Once risks have been identified, the next step is to assess the impact and likelihood of those risks occurring. This can be done through a variety of methods, including quantitative and qualitative analysis.

3. Risk Response

Based on the assessment results, the company must determine the appropriate response to each risk. This response can be risk avoidance, risk reduction, risk transfer (for example through insurance), or risk acceptance.

4. Monitoring and Reporting

ERM is not a static process. Companies must continually monitor the risks they have identified and the responses they have taken. This involves regular reporting to management and adjusting strategies as necessary.

5. Communication and Consultation

Effective communication with all stakeholders is essential in ERM. It ensures that all parties understand the risks the company faces and the actions taken to manage them.


Enterprise Risk Management is a comprehensive and integrated approach to managing risk across the enterprise. By understanding what Enterprise Risk Management is and implementing it, companies can increase risk awareness, make better decisions, improve operational efficiency, ensure regulatory compliance, and protect the company’s reputation.

In implementing ERM, companies need effective tools and systems to support the process. AdIns offers Business Intelligence solutions that can help companies in risk management.

With the AdIns Business Intelligence Application, companies can access comprehensive data and in-depth analysis to identify, assess, and manage risks more effectively. This solution is equipped with advanced features that support real-time risk monitoring and accurate reporting.

AdIns Business Intelligence applications provide companies with a competitive advantage in managing risk. With seamless data integration, predictive analytics, and intuitive data visualization, companies can make better and faster decisions in responding to risk.

For more information on how AdIns Business Intelligence solutions can help your company in risk management, visit the AdIns official website or start your free demo here.

With AdIns, your company can face business challenges with more confidence and achieve strategic goals more effectively!

Published date: 21 August 2024


Implementing Enterprise Risk Management: Case Studies and Best Practices

ISBN: 978-1-118-74618-9

October 2014

John R. S. Fraser, Betty Simkins, Kristina Narvaez

IMPLEMENTING ENTERPRISE RISK MANAGEMENT

Enterprise risk management (ERM) is a growing field, but it is not often taught in business schools, and few executives really understand it. This puts them at a disadvantage, because their finance, marketing, and management initiatives are only valuable if they don't fall victim to avoidable risks. In 2010, John R.S. Fraser and Betty J. Simkins published Enterprise Risk Management: Today's Leading Research and Best Practices for Tomorrow's Executives, a respected and comprehensive text on this important subject. Now, this companion volume, Implementing Enterprise Risk Management, goes a step further toward filling the void in the ERM literature.

Implementing Enterprise Risk Management also works well as a stand-alone volume. Putting ERM principles into practice requires an understanding of what risk management looks like in the real world. Implementing Enterprise Risk Management provides that understanding, with case studies from top organizations that show in detail how ERM really works. The contributors weave key concepts, definitions, strategies, and methodologies throughout the text, yielding a nice balance of academic and practical information.

Enterprise risk management is a constantly evolving process. Pure theory can be useful to a point, but the flexibility to adapt theory to fit unique scenarios is crucial. Implementing Enterprise Risk Management contains 35 chapters detailing case studies from organizations around the world, giving risk professionals a range of examples to follow in pursuing their own ERM programs. This latest volume in Wiley's Robert W. Kolb Series in Finance provides important guidance for any organization looking to integrate ERM into its risk culture.

JOHN R.S. FRASER is the Senior Vice President of Internal Audit and former Chief Risk Officer of Hydro One Networks Inc. He holds several auditing and accounting certifications and has over 30 years of experience in the risk and control field.

BETTY J. SIMKINS is the Williams Chair and Professor of Finance at Oklahoma State University's Spears School of Business, where she teaches enterprise risk management and other courses. She has published award-winning research on risk management in academic and professional outlets.

KRISTINA NARVAEZ is President and CEO of ERM Strategies. Her work in risk management has been recognized with accolades and awards from numerous organizations, including the Risk and Insurance Management Society.

M.L.S. Insights: Navigating Enterprise Risk Management for Your Organization


By Miami Law Blog Contributor 08-22-2024

In today's complex and uncertain global business environment, companies are constantly looking for ways to minimize risk. Specifically, many businesses are beginning to utilize a strategy known as enterprise risk management (ERM) as a means of identifying, assessing, and mitigating risks while working toward strategic goals.

But what exactly is enterprise risk management, and how does it differ from traditional risk management practices? With a better understanding of these concepts, you can determine whether a Master of Legal Studies degree program should be your next big career move.

Understanding Enterprise Risk Management (ERM)

Before diving in any deeper, it is important to understand ERM as a holistic and strategic approach to risk management. ERM differs from traditional siloed risk management practices in the sense that it has a robust framework that involves careful strategic planning, goal setting, risk response strategies, and continuous monitoring and reporting.

Defining ERM and Its Significance

In simplest terms, ERM can be defined as a strategic process designed to pinpoint, assess, and manage risk across every aspect of an organization. This in-depth assessment and management of a company's risk can aid leaders in making the most informed decisions to optimize operational efficiency, minimize potential losses, and maintain long-term sustainability.

The Evolution of ERM Practices

ERM as we know it today first emerged in the mid-1990s, although traditional methods of risk management in business date back further, to about the 1920s. Since its emergence in the mid-1990s, ERM has grown to become a critical business function, particularly among larger organizations.

Over the years, many factors have driven ERM implementation in organizations globally, including:

  • Global economic volatility and uncertainty
  • Technological advancements
  • Increased regulatory scrutiny

Core Components of ERM

There are several key components of enterprise risk management in an organization, with each working together to create a comprehensive risk management approach.

Strategic Planning and Goal Setting

ERM begins with an alignment of risk management and an organization's overarching strategic goals. The process of creating a comprehensive strategic plan and setting specific short- and long-term objectives before implementing an ERM ensures that the overall risk management methods being used will support the mission and values of the business as a whole.

Risk Identification and Assessment

Next, this top-down strategy continues with a thorough process of identifying and assessing potential risks that may have an impact on the organization's ability to achieve those goals and objectives. During this stage, a variety of risk assessment tools and techniques may be used to pinpoint risks and evaluate the likelihood and potential impact of different hazards.

Some enterprise risk management examples of tools that may be used in this stage include:

  • Scenario analysis tools
  • Risk quantification tools
  • Automated analytics and reporting tools
  • Strategic planning tools

Risk Response Strategies

Once organizations can identify and assess the biggest risks to reaching their goals and objectives, the next step is to determine which risk response strategies will be best for responding to and mitigating those potential risks. Typically, these strategies are carefully chosen based on an organization's unique risk appetite and risk tolerance.

Some enterprise risk management examples of risk response strategies that may be utilized here include:

  • Risk avoidance
  • Risk reduction
  • Risk transfer
  • Risk acceptance

Continuous Monitoring and Reporting

Even once an ERM strategy is implemented within an organization, the work is never quite complete. That is because ERM is not a one-time event but a continuous, ongoing process. By regularly monitoring and reporting on ERM strategies and their effectiveness, business leaders can optimize risk mitigation while potentially identifying new and emerging risks that may need to be addressed.

Steps for Effective ERM Implementation

While the exact steps required to implement ERM within an organization can vary based on the unique needs and goals of the company, most businesses can follow this general series of steps to carry out the ERM process successfully.

  • Establish a risk management team
  • Develop a risk management policy
  • Create a risk register
  • Implement risk mitigation strategies
  • Report and revisit strategies regularly for continuous improvement
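As an added worked example (constructed for this page, not code from AdIns, Riskonnect, Wiley or the Miami Law blog), the following Python models the process laid out in the steps above and in the earlier sections: a risk register (identify), assessment by annualised loss expectancy (ALE = annual frequency x loss per event), a choice among accept, reduce, transfer and avoid made against a stated risk appetite using the cost/benefit test described under "Countering cost objections" (respond), and a register report (monitor and report). All risk names, frequencies, loss figures, control names and the appetite value are invented sample data; encoding risk appetite as a maximum tolerated residual ALE per risk, and treating "no affordable control brings the risk within appetite" as the trigger for avoidance, are modelling assumptions of this example rather than anything the page prescribes.

```python
"""Worked ERM example (added here; not the page's or any vendor's code).

Walks a small risk register through the process steps described in the text:
identify (register rows), assess (annualised loss expectancy, ALE = annual
frequency x loss per event), respond (accept / reduce / transfer / avoid,
chosen against a risk appetite with a cost/benefit test), and monitor/report.
Every risk, figure, control name and the appetite value below is constructed
sample data, not taken from the page.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class Control:
    """A candidate treatment for one risk (assumed model, not a standard)."""
    name: str
    kind: str                         # "reduce" (mitigation) or "transfer" (e.g. insurance)
    annual_cost: float
    frequency_reduction: float = 0.0  # fraction of events prevented, 0..1
    impact_reduction: float = 0.0     # fraction of per-event loss removed, 0..1


@dataclass
class Risk:
    """One row of the risk register (step 1: identify)."""
    name: str
    annual_frequency: float           # expected events per year
    loss_per_event: float             # expected loss per event, in currency units
    controls: List[Control] = field(default_factory=list)

    def ale(self) -> float:
        """Step 2: assess. Annualised loss expectancy with no new control."""
        return self.annual_frequency * self.loss_per_event

    def residual_ale(self, control: Control) -> float:
        """ALE once the given control is in place."""
        return (self.annual_frequency * (1 - control.frequency_reduction)
                * self.loss_per_event * (1 - control.impact_reduction))


def net_benefit(risk: Risk, control: Control) -> float:
    """Cost/benefit test from the text: expected loss avoided minus what the control costs."""
    return risk.ale() - risk.residual_ale(control) - control.annual_cost


def choose_response(risk: Risk, appetite: float) -> Tuple[str, Optional[Control], float]:
    """Step 3: respond.

    appetite is the largest residual ALE leadership tolerates for a single risk
    (an assumed way of encoding "risk appetite").  Returns
    (response, control, residual_ale) with response one of the four strategies
    named in the text: accept, reduce, transfer or avoid.
    """
    if risk.ale() <= appetite:
        return "accept", None, risk.ale()
    # A control qualifies only if it brings the residual inside appetite AND pays for itself.
    viable = [c for c in risk.controls
              if risk.residual_ale(c) <= appetite and net_benefit(risk, c) > 0]
    if not viable:
        # No affordable control gets the risk inside appetite: avoid the activity (assumed rule).
        return "avoid", None, 0.0
    best = max(viable, key=lambda c: net_benefit(risk, c))
    return best.kind, best, risk.residual_ale(best)


def report(register: List[Risk], appetite: float) -> List[str]:
    """Step 4: monitor and report. One line per risk, largest inherent ALE first."""
    lines = []
    for risk in sorted(register, key=Risk.ale, reverse=True):
        response, control, residual = choose_response(risk, appetite)
        ctrl = control.name if control else "-"
        lines.append(f"{risk.name:<26} ALE={risk.ale():>9,.0f}  response={response:<8} "
                     f"control={ctrl:<32} residual={residual:>9,.0f}")
    return lines


# Constructed sample register: invented frequencies, losses and control effects.
SAMPLE_REGISTER = [
    Risk("Ransomware outage", 0.5, 400_000, [
        Control("Offline backups + restore drills", "reduce", 60_000, impact_reduction=0.8),
        Control("Cyber insurance policy", "transfer", 30_000, impact_reduction=0.9),
    ]),
    Risk("Phishing credential theft", 4.0, 20_000, [
        Control("Phishing-resistant MFA", "reduce", 25_000, frequency_reduction=0.9),
    ]),
    Risk("Data centre power loss", 0.1, 50_000, [
        Control("Second UPS string", "reduce", 8_000, impact_reduction=0.5),
    ]),
    Risk("Unsupported legacy file server", 2.0, 100_000, [
        Control("Network segmentation", "reduce", 150_000, impact_reduction=0.5),
    ]),
]
APPETITE = 50_000.0  # maximum tolerated residual ALE per risk (assumed value)

if __name__ == "__main__":
    for line in report(SAMPLE_REGISTER, APPETITE):
        print(line)
```

Running the file prints one report line per risk. The net-benefit check is the "Countering cost objections" argument applied per control: a treatment is only worth funding when the expected loss it removes exceeds what it costs, and the appetite threshold is what turns the four response strategies into a decision rather than a menu.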

The Role of Master of Legal Studies (M.L.S.) in ERM

If you are interested in helping organizations identify, assess, and mitigate risks while working toward long-term goals and objectives, then having a solid legal background can be extremely valuable. Specifically, obtaining your Master of Legal Studies (M.L.S.) degree can play a crucial role in ERM in a number of ways.

Integrating Legal Expertise into ERM Frameworks

For starters, graduates of an M.L.S. program can bring their extensive legal knowledge and skills to the table, helping organizations more successfully identify and assess legal risks. This can better inform an organization's risk response strategies to ensure they are operating in compliance with all industry-related laws and regulations.

Understanding Legal Compliance and Potential Risks in ERM Implementation

Speaking of legal compliance, an M.L.S. program will go into detail about the various legal compliance risks inherent across a wide range of industries. This includes finance, healthcare, technology, and more. With a better understanding of these potential compliance risks, M.L.S. graduates in ERM roles can help businesses better understand and navigate these complex regulations while protecting their own mission and bottom line.

Communicating with Legal Professionals in the ERM Decision-Making Process

One of the biggest challenges in designing and implementing an ERM within an organization is communicating highly complex legal topics between legal and non-legal teams. All too often, there is a disconnect between these groups that can lead to problems, including increased legal risks, down the road.

That said, with a background in legal studies, M.L.S. graduates can serve as effective and confident communicators between legal and non-legal teams. This helps ensure that legal risks can be properly understood and addressed within the ERM framework.

Implementing Legal Compliance Measures in ERM Strategies

Another way in which having an M.L.S. degree can add value to ERM strategies is through helping organizations implement legal compliance measures within their ERM frameworks. Specifically, those with a strong understanding of legal studies can assist organizations in developing and implementing risk mitigation strategies. This helps the organization comply with all relevant industry laws and regulations for added legal protection and peace of mind.

Utilizing M.L.S. Skills and Knowledge in ERM Processes

Finally, graduates of a legal studies program can practically apply their analytical, research, and critical thinking skills in the design and implementation of an ERM strategy. These specific skills can be invaluable in helping organizations identify, assess, and mitigate risks to achieve short- and long-term objectives more readily.

Strategic Importance of ERM Across Industries

Today, ERM is used across a wide range of industries. Any field where risks must be identified and mitigated can benefit from ERM, especially when it comes to achieving goals and gaining a competitive advantage over businesses without these strategies in place. Some industries where ERM is most widely utilized include finance, real estate, healthcare, and technology.

ERM's Role in Financial Stability and Growth

Having a risk management framework in place can help financial institutions more effectively mitigate their risks, particularly those related to market volatility, regulatory compliance, operational disruptions, and credit. When ERM is used to identify and mitigate these risks, financial institutions can set themselves up for greater financial stability and improved long-term growth.

Impact on Reputation and Public Perception

Even organizations outside of the finance industry can benefit from having an ERM framework in place because doing so can help protect reputations while building valuable trust with stakeholders. More specifically, taking the time to design and implement an effective ERM framework demonstrates to stakeholders that the organization is committed to responsible risk management.

Likewise, ERM strategies can help organizations avoid scandals, crises, and costly legal liabilities that could damage their reputation by identifying and mitigating these risks before they arise.

Overcoming Common ERM Implementation Challenges

While there are many benefits to ERM implementation in organizations, this is not to say that enterprise risk management does not come with some potential obstacles and challenges.

There are several common challenges businesses may face when it comes to implementing ERM frameworks, beginning with a natural resistance to change. Transitioning to ERM can require a lot of change in terms of how business practices are carried out and how decisions are made. This may be met with some resistance among those who have been doing things another way for years.

Likewise, a lack of resources can make designing and implementing ERM challenging. Establishing an ERM framework requires a great deal of time and resources, including dedicated staffing and risk mitigation tools, that can add up to be quite costly. This is where it is essential for organizations to see ERM as an investment in their future success, even if it means spending some additional money for the resources they need up-front.

Finally, some organizations may face challenges not when it comes to identifying risks but quantifying them. This is where bringing in the right risk assessment and scenario planning tools can make all the difference, allowing decision-makers to envision the likelihood and impact of potential risks with ease.
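The two places where this process becomes concrete are the risk register (step 3 of the list above) and the quantification problem just described. As an added example that is not part of this article or of the University of Miami's materials, the following Python risk register scores each entry on assumed five-point likelihood and impact scales, ranks the entries, and flags those above a stated risk appetite so they can be reported and revisited (step 5). The class names, scale labels, risk IDs and sample entries are constructed for illustration.

```python
"""Added example: a small risk register with likelihood/impact scoring.

Constructed for illustration; not code from the article or from the
University of Miami. Scale labels, risk IDs, owners and the appetite
threshold are assumptions chosen for the example.
"""
from dataclasses import dataclass, field

# Five-point ordinal scales (assumed labels; many frameworks use similar ones).
LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost certain": 5}
IMPACT = {"negligible": 1, "minor": 2, "moderate": 3, "major": 4, "severe": 5}


@dataclass
class Risk:
    risk_id: str
    description: str
    owner: str             # accountable person or team, assigned by the risk management team
    likelihood: str        # a key of LIKELIHOOD
    impact: str            # a key of IMPACT
    mitigations: list = field(default_factory=list)  # planned or implemented controls
    status: str = "open"

    def score(self) -> int:
        """Likelihood x impact on the ordinal scales: a ranking heuristic, not a probability."""
        return LIKELIHOOD[self.likelihood] * IMPACT[self.impact]

    def rating(self) -> str:
        """Bucket the numeric score into the bands used in the report (assumed thresholds)."""
        s = self.score()
        if s >= 15:
            return "high"
        if s >= 8:
            return "medium"
        return "low"


class RiskRegister:
    def __init__(self) -> None:
        self._risks: dict[str, Risk] = {}

    def add(self, risk: Risk) -> None:
        # Reject unknown scale labels and duplicate IDs so every entry can be scored consistently.
        if risk.likelihood not in LIKELIHOOD:
            raise ValueError(f"unknown likelihood {risk.likelihood!r}")
        if risk.impact not in IMPACT:
            raise ValueError(f"unknown impact {risk.impact!r}")
        if risk.risk_id in self._risks:
            raise ValueError(f"duplicate risk id {risk.risk_id!r}")
        self._risks[risk.risk_id] = risk

    def ranked(self) -> list[Risk]:
        """Highest score first; ties broken by ID so the report order is stable between reviews."""
        return sorted(self._risks.values(), key=lambda r: (-r.score(), r.risk_id))

    def above_appetite(self, appetite: int) -> list[Risk]:
        """Risks whose score exceeds the stated appetite: the ones to escalate to leadership."""
        return [r for r in self.ranked() if r.score() > appetite]

    def report(self) -> list[str]:
        """One line per risk, ranked, suitable for a periodic review meeting."""
        return [
            f"{r.risk_id} {r.rating():6} score={r.score():2} owner={r.owner} "
            f"status={r.status} :: {r.description}"
            for r in self.ranked()
        ]


def build_sample_register() -> RiskRegister:
    """Constructed sample entries; they do not describe any real organisation."""
    reg = RiskRegister()
    reg.add(Risk("R-001", "Ransomware reaches file servers via phished credentials", "CISO",
                 "likely", "major", ["MFA on remote access", "offline backups restored quarterly"]))
    reg.add(Risk("R-002", "Vendor contract renews without required data-protection clauses", "Legal",
                 "possible", "moderate", ["contract review checklist", "renewal reminder 90 days out"]))
    reg.add(Risk("R-003", "Hurricane closes the primary office for more than a week", "Facilities",
                 "rare", "severe", ["remote-work runbook", "alternate site agreement"]))
    reg.add(Risk("R-004", "Expense report filed under the wrong cost centre", "Finance",
                 "unlikely", "minor"))
    return reg


if __name__ == "__main__":
    register = build_sample_register()
    for line in register.report():
        print(line)
    print("above appetite (8):", [r.risk_id for r in register.above_appetite(8)])
```

Multiplying two ordinal scales is a widely used convention for ranking, not a measurement; the appetite threshold and the rating bands are governance decisions that the risk management policy (step 2) should state explicitly, and a production register would also record review dates, the residual score after mitigations, and who last revisited each entry.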

Learn More With an M.L.S. Degree

As organizational and financial risks continue to lurk around every corner, savvy businesses need to stay on top of these potential hazards with a solid enterprise risk management plan. With this in mind, it is also likely that businesses will continue turning to risk management professionals who have a solid background in legal studies to design and implement ERM successfully.

Looking to advance your understanding of ERM frameworks and the legal/compliance issues surrounding them? If so, then it may be time to explore an online Master of Legal Studies program (https://admissions.law.miami.edu/academics/MLS/) that will prepare you for this type of work.

The University of Miami School of Law is proud to offer an online Master of Legal Studies curriculum (https://admissions.law.miami.edu/academics/MLS/curriculum/) that allows students to enroll part- or full-time with flexible scheduling to suit their busy lives. Reach out to learn more or get started with your online application today.

