When looking forward to future models and frameworks of Enterprise Risk Management, it is worth looking back, to see what they looked like originally, and make comparisons. For instance, the COSO ERM framework introduced in 2004 was an industrial and attempted professional measure to help organisations identify, understand and prioritise
What is Enterprise Risk Management (ERM), and what are organisations looking for, when they implement it? ERM may be described as methods of risk management that are applied to identify and mitigate risks faced by the entity (or enterprise). By applying the principles of ERM and its tools, users hope
Implementing ERM effectively in an organisation depends to a great extent on the ERM framework that is used. In fact, the ERM framework, correctly established, may be the guiding principles that help to establish the basis of overall organisational health and sustainability. But because each organisation has individual characteristics and
What matters more when implementing ERM – model or mindset? Following an ERM model or framework has to be supported by the right attitude or mindset. When following an ERM model, users need to go beyond mere box-ticking. They have to understand what they’re doing, and why they’re doing it.
Implementing ERM in any organisation depends on both the model to be applied, and the mindsets of those who will be doing the implementation. ERM will challenge the organisation, but will ultimately improve its competitiveness, sustainability and growth over the long term. Organisations which intend to implement it should be prepared
Enterprise Risk Management (ERM) works best when it has been properly thought through and implemented. Organisations have been trying to identify, assess, prioritise, treat and monitor their risks for many centuries; but today’s risks, of course, are infinitely more complex so it is no wonder that the task of mitigating
Enterprise Risk Management (ERM), sometimes referred to as the application of management processes, policies and procedures to identify, assess, prioritise, treat and monitor the risks faced by an organisation, has been evolving for more than six decades. Traditionally, it’s application was restricted to minimise accidental losses and mitigate to a