Call
Ask an Expert
Tel: +1-281-673-2800
Fax: +1-281-673-2931
Find an Office
Email
Email Us

Enterprise Risk Management

Enterprise Risk Management

Organizations must identify and avoid major catastrophic events. Changing market conditions, employee unrest, negative public relations events, major accidents, legal conflicts, inadequate manpower resources, natural disasters and supply chain disruption are just some of the many risks that challenge an organization. The objective of enterprise risk management (ERM) is to provide enduring management of internal and external risks that threaten achievement of an organization's mission.

A Systematic Approach to Managing Risk

Our team of ERM experts combines extensive risk management capabilities with technical industry operational experience to assist in identifying and overcoming the challenges in enterprise risk management. We can help our clients prepare for the unforeseen while at the same time advancing their business objectives.

Systematic implementation of an ERM strategy will:

  • Improve decision-making by making the decisions more risk-informed and defensible
  • Enable proactive management of risk rather than reactive actions
  • Provide a comprehensive and holistic view of the organization-wide strengths and weaknesses, as well as external risks
  • Connect leadership to the field by establishing a formal feedback loop and enhancing communications
  • Support strategic planning by identifying risks to the organization's mission and managing the risks associated with executing the plan
  • Link to performance management through the development of performance metrics for risk treatment actions
  • Bring unknowns to light through systematic risk identification and analysis
  • Validate investments and support budget justifications
  • Align with government mandates and best practices, such as ISO 31000, COSO and OMB circulars A-11, A-123, A-50 and A-133

Becoming a Risk-Informed Organization

ERM should not be a standalone process, but an integrated element of an organization's performance management system. ERM should support business planning cycles, such as budgeting and strategic planning, to guarantee progress in identifying and managing risks. In other words, as ERM is implemented and matured over time, activities will become risk-informed, and key business decisions will be improved by considering risk impacts as part of the process. Specifically, an integrated ERM process will generate information in four key areas to help inform the key decisions:

Strategic Risk Understanding

Are the enterprise strategic risks adequately understood?

Strategic Risk Tolerance

Which strategic risks should be accepted? Which should be reduced?

Strategic Risk Management

Which treatments will be most efficient and effective in reducing risk? When and how will they be implemented?

Risk Management Optimization

Are performance measures and the implementation status monitored to inform which treatments should be increased, decreased or eliminated in subsequent cycles to optimize risk reduction across the enterprise?

Traditionally, an organization's approach to ERM tends to be internally focused on governance and compliance-oriented risks in the areas of financial reporting, taxes, information security, human resources, fraud and legal. While these are undoubtedly important areas to consider as part of ERM, the ABS Group approach takes a broader perspective using its technical subject matter experts to identify both internal and external events that could threaten an organization's viability, including:

  • Natural hazards
  • Major accident hazards
  • Security hazards
  • Unfavorable economic conditions
  • Competition in the marketplace
  • Compliance failures
  • Governance failures

We call this Adaptive ERM, an approach that makes business activities more risk-informed. The end result is that risk impacts are considered part of a process that can improve decision-making and, in turn, business results.

Back to top