Page 676 - COSO Guidance
Thought Leadership in ERM | Embracing Enterprise Risk Management: Practical Approaches for Getting Started | 7
Example Strategic Risk Profile

Strategic Risk               Description of Risk                                                          Likelihood   Impact   Velocity   Readiness   Priority
Operations Risk              Supply Chain Disruptions; Product Liability Events                           Low          High     High                   1
Reputation Risk              Damage to reputation caused by company actions and/or partner actions        Medium       High     High                   2
Information Technology Risk  Inability to achieve objectives because of failures of enabling technology   Medium       High     High                   3
Risk 4                                                                                                                                                 4
Risk 5                                                                                                                                                 5
Step 7. Develop the next Phase of Action Plans & Ongoing Communications

The implementation of ERM is an evolutionary process that takes time to develop. In the spirit of continual improvement, once the initial ERM action plan has been completed, the working group or risk leader should conduct a critical assessment of the accomplishments to date and develop a series of action plans for the next stage of implementation. Following the incremental approach, the leader should identify next steps in the ERM roll-out that will foster additional enhancements and afford tangible benefits as a result.

The completion of the initial ERM action plan is also an opportune time for the risk leader and the ERM working group to convey the status and benefits achieved to the board of directors and senior management. The risk leader should also consider what types of ongoing education offerings and communications should be deployed across the organization to continue to strengthen the organization's risk culture and ERM capabilities.
iii. Continuing ERM implementation

The intent of this paper is to provide a simple illustration of ways to launch ERM. It represents a beginning, not an end point. An organization following this incremental approach to achieving ERM benefits will have taken a significant first step toward ERM and have a much better understanding of where it is headed and what needs to be accomplished next.

To lay the groundwork for ERM success, an organization should first establish its initial ERM process as an ongoing and important element that will assist in achieving business objectives. Given the evolutionary nature of ERM and the dynamic nature of risk, the ERM process must be ongoing and not viewed as a one-time event. The initial risk assessment process will need periodic updating and the organization will need to be attuned to the need to identify new and emerging risks. A solid foundation for risk management should be established and nurtured. Ongoing communications from directors and senior management will serve to reinforce and nurture the risk management culture.

Once ERM is off the ground, the organization can look for additional ways to expand the implementation of ERM across the organization. It should also be aware that, while tangible risk processes may have been implemented during this initial phase of ERM deployment, the processes may likely fall short of a complete ERM process and need to be enhanced. Accordingly, the organization's risk management leaders need to continue to drive further development and maturity of the risk management processes. They need to pursue levels of risk management maturity that reflect the components of the COSO's Enterprise Risk Management - Integrated Framework.
www.coso.org