Page 376 - COSO Guidance Book

6    |   Creating and Protecting Value: Understanding and Implementing Enterprise Risk Management




II. KEYS TO SUCCESS

As an organization considers implementing or enhancing their ERM activities, it is important to establish a strong conceptual foundation that provides the base to begin the ERM work. Experience has shown that there are some consistent underlying themes that have proven valuable in successful ERM initiatives. These themes represent “Keys to Success” for organizations implementing or enhancing their ERM initiatives. Outlined below are some overarching themes that can form the basis for this foundation. These “Keys to Success” can aid directors and management to avoid recognized barriers and resistance points as they are implementing their ERM efforts.

Theme 1.
Start at the top; board and management support is necessary

Support from the board and senior management is probably the single most important success factor for any ERM initiative. The board and management not only set the strategy of the organization, but they also set the “tone at the top” and define the desired culture of the organization. The tone and priority given to an ERM initiative by the board and management will quickly and visibly determine its success.

This important board and management engagement and support is described in more detail in the Governance and Culture component of the revised COSO ERM framework (see Principle 3: Defines Desired Culture in COSO’s 2017 Enterprise Risk Management – Integrating with Strategy and Performance). That component of the Framework notes, “An entity’s culture influences how the organization applies this Framework: how it identifies risk, what types of risk it accepts and how it manages risk.” Establishing a “risk aware” culture across the organization is critical and will determine whether ERM is viewed as a separate compliance driven initiative or viewed as a process to help the organization enhance its value. Starting from the top, for an ERM initiative to be successful, the board and management must clearly embrace the objectives of enterprise risk management and set the tone that it is an integral part of how the organization achieves its mission and its business objectives. Also, as the board and senior management have the best “enterprise view” of the organization they are critical to the success and effectiveness of any ERM initiative.

The board must also demonstrate clear support for ERM as an important strategy and governance process and provide clear direction and oversight to management’s ERM undertakings. It is the board’s responsibility to see that management is devoting the right level of attention, resources and priority to ERM and that actions are being taken to integrate ERM with the appropriate functions and processes across the organization. Failure to do that can result in separate, lower level staff functions who do not have an appropriate support or voice and as a result, the organization will not realize fully the benefits of ERM.

Further, the board should see that an effective ERM leader is in place who is widely respected across the organization, knowledgeable about its businesses and strategies, and given the resources and support to accomplish the ERM effort. That leader should also be at a level in the organization that affords them access to the board and management and involvement in key strategy setting and planning activities.

Appendix C – Frequently Asked ERM Questions includes responses to some common questions related to ERM that directors and senior management should find useful.

Theme 2.
The role and objective of ERM must be understood and communicated

The 2017 Framework makes explicit the role and objective of ERM as helping the organization enhance value. This clarity is beneficial in helping people understand the real benefit and value of an investment in ERM and avoiding misunderstandings about its role and objective. As ERM was receiving increased attention from regulators, rating agencies, and financial reporting agencies, it led some organizations to view ERM as a regulatory or compliance driven activity. Likewise, some viewed ERM as a simple exercise in risk identification. The Framework brings needed clarity in explicitly describing the role and objective of ERM as helping the board and management make better decisions and enhancing the value of the organization. This role and objective needs to be understood fully by directors and management. They can then correctly position any ERM initiative.















coso.org