CHAPTER FOUR

The ERM Process: Step by Step

The vast majority of organizations, if not all, consider risk, discuss risk, and proactively address potential high-risk incidents or situations. In doing so, most probably do not use the terms “risk,” “risk incident,” or “risk response.” Management has informal discussions about what could go wrong or what events may occur that could have a negative impact on the business, and then determines how to handle those situations. However, a significant number of these same organizations do not conduct a formal risk assessment and have not developed a comprehensive risk management program. This chapter provides a practical guide to the design and implementation of an effective enterprise risk management (ERM) program.

Every organization’s risk management program will be different because each company is unique. Risk profiles and risk appetites differ. It is critical to the development of an effective risk management program that management obtain a solid understanding of both the risks and the severity of each, in order to customize an appropriate solution for the organization, including the categorization of risk responses. An effective risk management program allows an entity to make informed decisions guided by proactive, documented solutions and considerations rather than by reaction and guesswork.

ERM program design and implementation does not necessarily require external expertise. Management and the board ...

Get Enterprise Risk Management Best Practices: From Assessment to Ongoing Compliance now with the O’Reilly learning platform.