Having highlighted the pitfalls, let's look at what needs to go right—focusing on what methodologies are most effective for successfully implementing an ERM system.
A Proven Method
Let's proceed on the basis that a company's CEO is fully supportive of moving forward with the ERM initiative. Whatever the impetus—perhaps urging from the board of directors or the audit committee, or learning a hard lesson from failure to see some critical risk, or simply recognizing the many benefits of ERM—the CEO and senior management team are committed to developing an effective ERM process.
For guidance on how to proceed, we can look to COSO's ERM report, which is based on significant experience with companies that have implemented ERM in their organizations. Drawing from that guidance we can outline the basic steps to ERM success.