Page 24 - Insurance Times August 2023

Components of ERM:
          The COSO framework for ERM identifies eight
          components:
          Internal environment, Objective setting, Event
          identification, Risk assessment, Risk response, Control
          activities, Information & communication, and Monitoring.

          Internal Environment: The elements that make up the
          internal environment include such things as "an entity's
          ethical values, competence and development of personnel,
          management's operating style and how it assigns authority
          and responsibility." As part of this internal environment, a
          company establishes its philosophy of risk management,
          recognising that unexpected as well as expected events may
          occur. This includes activities like setting a risk management
          policy and defining risk appetite and risk tolerance levels.

          Objective Setting: Involves identifying or understanding
          what an organization, a division or a department is
          expected to achieve in the long term, and the related
          short-term or operational objectives that would enable it to
          achieve those strategic objectives. Determine the
          organization's risk appetite. Identify and prioritize risks
          through risk assessment, ranking them by their potential
          likelihood and impact. Develop a plan for risk mitigation or
          acceptance.

          Event Identification: During event identification,
          management identifies potential events that could affect an
          entity's ability to achieve its objectives. An event is an
          incident or occurrence that emanates from either internal
          or external sources. Internal and external events affecting
          achievement of an entity's objectives must be identified,
          distinguishing between risks and opportunities.
          Opportunities are channelled back to management's
          strategy or objective-setting processes.

          Risk Assessment: Risk assessment is the iterative process
          of risk identification, analysis, and evaluation. The objective
          is to provide sufficient information at appropriate intervals
          for risk-informed management decisions. The steps to assess
          the risk are:
             Identify hazards.
             Assess the risks.
             Control the risks.
             Record your findings.
             Review the controls.

          Risk Response: Leadership's response or action towards the
          existence of a risk. There are different approaches,
          including:
             Avoidance - eliminate the conditions that allow the risk
             to exist.
             Reduction/mitigation - reduce the likelihood of the risk
             occurring and/or the impact if it does occur.
          Since project managers and risk practitioners are used to
          the four common risk response strategies (for threats) of
          avoid, transfer, mitigate and accept, it seems sensible to
          build on these as a foundation for developing strategies
          appropriate for responding to identified opportunities.

          Control Activities: Control activities are performed at all
          levels of the entity, at various stages within the business
          processes, and over the technology environment. They may
          encompass a range of manual and automated activities such
          as authorizations and approvals, verifications,
          reconciliations, and business performance reviews. Control
          activities are the policies, procedures, techniques, and
          mechanisms that help ensure that management's response
          to reduce risks identified during the risk assessment process
          is carried out. In other words, control activities are actions
          taken to minimize risk.

          Information & Communication: Information,
          communication, and reporting is one of the key components
          of the COSO ERM framework. Enterprise risk management
          requires a continual process of obtaining and sharing
          necessary information, from both internal and external
          sources, which flows up, down, and across the organization.
          Internal communication is the means by which information
          is disseminated throughout the organization, flowing up,
          down, and across the entity. It enables personnel to receive
          a clear message from senior management that control
          responsibilities must be taken seriously.

          Monitoring: Ongoing monitoring includes regular
