CHAPTER 20Additional ERM Templates and Outlines

INTRODUCTION

The focus of this book is on implementing ERM programs. In my work with board members, CROs, and other business leaders, I have found the use of best-practice examples, templates, and outlines to be highly effective in accelerating ERM development and implementation. The purpose of this chapter is to provide the reader with such materials for the following policies and reports:

  1. Strategic Risk Assessment
  2. CRO Report to the Risk Committee
  3. Cybersecurity Risk Appetite and Metrics
  4. Model Risk Policy
  5. Risk Escalation Policy

Each company should develop its own policies and reports based on its business model, size, and complexity. The purpose of these outlines is to provide examples and ideas to support those implementation efforts.

STRATEGIC RISK ASSESSMENT

The following outline provides a summary of the key sections of a strategic risk assessment report that is provided to executive management and the board:

Executive Summary

In this section, the CRO provides a recap of the overall strategy, strategic priorities, and key business objectives.

Strategic Plan Development and Monitoring

This section refers to the Strategic Risk Policy, the ERM framework, and the Risk Appetite Statement. It also summarizes the process of developing the Strategic Plan and ongoing governance, reporting, and monitoring processes at the board and management levels.

Financial Plan

Key financial projections—including business volumes, revenues, ...

Get Implementing Enterprise Risk Management now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.