Page 393 - COSO Guidance Book
Creating and Protecting Value: Understanding and Implementing Enterprise Risk Management | 23
   b. Set authority, objectives and expectations for the leader
   c. Allocate appropriate resources to enable success
      i. Review Principle 5: Attracts, Develops, and Retains Capable Individuals, of the COSO ERM framework, for additional ideas and information regarding human capital

3. Establish a Management Working Group
   a. Establish a management working group to support the risk leader and drive the effort across the organization
   b. Have the right, key people in the group
      i. Sufficient level and stature
      ii. "C-suite" representation
      iii. Business unit management
      iv. Strategic planning head
   c. Agree on objectives for the working group
      i. Build ERM using incremental steps
      ii. Define some sought-after benefits to evaluate each step
      iii. Establish reporting process for management and the board

4. Inventory the Existing Risk Management Practices of the Organization
   a. Identify and inventory existing risk practices, whether formal or informal
   b. Consider how those practices fit or align with the organization's strategy setting and performance review process
   c. Identify gaps and opportunities to further integrate the organization's strategy and risk processes
      i. Identify initial opportunities for further integration
   d. Develop specific action steps to close gaps and implement opportunities

5. Conduct an Initial Assessment of Key Strategies and Related Strategic Risks
   a. Start by identifying the organization's key strategies and business objectives
   b. Discuss and identify the events/risks that could impair the success of each core strategy
   c. Consider risk factors beyond just probability and impact; for example, organizations have considered factors such as:
      i. Velocity of risk
      ii. Preparedness
      iii. Other factors
   d. For the most significant risks:
      i. Assess exposure to the risk
      ii. Assess adequacy of existing risk management responses
      iii. Identify opportunities to enhance risk management responses
   e. Develop action plans to enhance risk management practices related to the risks identified
      i. Identify actions to implement the opportunities identified above
      ii. Establish target dates and responsibilities
      iii. Develop process to monitor and track implementation

6. Develop Consolidated Action Plan and Communicate to Board and Management
   a. Consolidate the action plans developed in the above steps
   b. Prioritize actions and allocate resources across the actions
   c. Assign responsibility for actions and monitoring
   d. Present consolidated initial action plan to Board and management
   e. Develop communications plan to communicate risk initiative and results across the organization

7. Develop/Enhance Risk Reporting
   a. Assess adequacy and effectiveness of existing risk reporting
   b. Consider integration of risk reporting with existing performance reporting
   c. Develop new reporting formats
      i. Consider extensive use of graphics and colors to indicate risk trending and significance
      ii. Consider developing a risk "dashboard" for the board
      iii. Consider use of strategy maps or other visuals to link strategies to risks
   d. Develop process for periodic reporting of emerging risks
   e. Assess effectiveness of new reporting with stakeholders and revise as appropriate

8. Develop the Next Phase of Action Plans and Ongoing Communications
   a. Conduct a critical assessment of the accomplishments of the working group
      i. Identify benefits to date
      ii. Assess the level of integration with strategic planning and performance measurement processes
      iii. Assess impact on the culture of the organization
   b. Revisit the COSO ERM Framework and identify next risk management processes for enhancement
      i. Consider actions related to establishing or articulating the risk appetite of the organization
      ii. Consider organizational or strategic changes in the organization