Page 388 - COSO Guidance
18 | Creating and Protecting Value: Understanding and Implementing Enterprise Risk Management
Step 8. Develop the Next Phase of Action Plans and Ongoing Communications

Conduct a critical assessment of the accomplishments of the working group and develop the next steps in the evolution of their risk management processes. This assessment can include such activities as the identification of benefits achieved to date, assessing the level of integration with strategic planning and performance measurement processes and assessing the impact on the culture of the organization. In this step, the group should revisit the COSO ERM Framework as an aid to identify the next risk management processes for enhancement. Consideration can be given to actions such as:

• Establishing or articulating the risk appetite of the organization.
• Implementing a process to identify and react to organizational or strategic changes.
• Determining how the ERM process can be enhanced to identify opportunities not just threats.

The new action plan should also identify tangible steps including the specific benefits sought and target dates. The plan should be reviewed with executive management and the board, to assure that the new action plan receives appropriate resources and support. The risk leader should also consider scheduling additional ERM sessions with directors and executive management to further educate them and to update them on the progress and benefits of the ERM initiative. Finally, the risk leader should continue an organization-wide communication process to further build and reinforce the desired risk culture of the organization.

EXAMPLE 12
Integrating ERM Strategic Objectives in Strategy Maps

A global technology company used the Strategic Risk Assessment Process and related frameworks as the basis for starting their ERM initiative. The company had started an ERM initiative and realized the company needed to better describe its strategy before conducting a risk assessment and ERM. Strategy Maps like the one in Figure 6 were developed to help describe the strategy of the company as part of its Strategic Risk Assessment Process. The company also established an overall strategic objective in its Strategy Map which was highly aligned with risk management: Create and Protect Shareholder and Stakeholder Value. The management team then developed specific objectives relating to ERM in a Strategy Map, including developing strategic risk management skills and culture. They also created specific risk management objectives in each of its four internal process strategic themes: Conducting Strategic Risk Assessments; Protecting IP; Protecting Customer Information; and Minimizing Product Defect. These objectives help to integrate risk management with the strategy and performance of the company. The tactical action plan used by the company was to include specific risk management strategic objectives in the strategy of the company and to reflect those in the strategy map and also to develop performance measures and action plans related to those strategic objectives which further helped the company connect risk management with strategy and performance.
coso.org