The Institute of Enterprise Risk Practitioners (IERP®) is the world’s first and leading certification institute for Enterprise Risk Management (ERM).


Objective Centric vs Taxonomy approach to ERM

The Objective-Centric (OC) approach to risk, which identifies risks in relation to objectives, is recommended by both ISO 31000 and COSO 2017 and represents current international best practice. COSO 2004, however, prefers the Taxonomy approach (identifying risks in relation to definitions). The OC and Taxonomy approaches are diametrically opposed and incompatible from a risk identification perspective. The OC approach is more practical than the Taxonomy approach and focuses the organisation on achieving organisational objectives rather than just identifying “risk” from an academic and theoretical perspective.

Symptoms of a Taxonomy approach include a failure to get organisational support for risk management, and risk registers where the mitigation action due date has passed and the person responsible for the mitigation resigned two years ago, yet the risk register has never been updated. This happens because the line views the risk registers (and they are correct!) as academic and a waste of their valuable time; even I would not want to waste my time completing such academic and impractical risk registers.

The open style of the OC approach ensures that all risks, including emerging risks, are properly identified, and that risk identification is not limited to the extent and range of the up-front risk categories provided under a Taxonomy approach. Under a Taxonomy system, for example, if you do not have a category for (say) “Pandemic risk”, you will fail to identify any pandemic risk, as that is how Taxonomy works. Additionally, if you have mis-defined “pandemic risk”, you will once again fail to fully and properly identify it. The Taxonomy approach also has a tendency to identify risk effects (i.e. consequences) rather than sources of risk. Reputational risk and strategic risk are examples: neither is a source of risk but rather a consequence of risks, and accordingly would be the wrong focus for any mitigation strategy.

None of these problems is present with a properly implemented OC approach via something like the IERP®’s Goals and Objectives Harmonisation approach. Unfortunately, the majority of consultants and so-called “ERM experts” really have no idea how to properly implement the OC approach. The IERP® is one of the few organisations that are expert in implementing it. We have even designed a special tried and tested program which can implement the OC approach in any organisation of any size in 4 days. Success stories include organisations as diverse as financial institutions, technology companies, manufacturing companies, oil and gas companies, property developers and other service organisations.
