Enterprise Risk Management
A Systematic Approach to Managing Risk
Our team of ERM experts combines extensive risk management capabilities with technical industry operational experience to assist in identifying and overcoming the challenges in enterprise risk management. We can help our clients in a variety of industries and in the Government sector prepare for the unforeseen while at the same time advancing their business objectives.
Systematic implementation of an ERM strategy will:
- Improve decision-making by making the decisions more risk-informed and defensible
- Enable proactive management of risk rather than reactive actions
- Provide a comprehensive and holistic view of the organization-wide strengths and weaknesses, as well as external risks
- Connect leadership to the field by establishing a formal feedback loop and enhancing communications
- Support strategic planning by identifying risks to the organization's mission and managing the risks associated with executing the plan
- Link to performance management through the development of performance metrics for risk treatment actions
- Bring unknowns to light through systematic risk identification and analysis
- Validate investments and support budget justifications
- Align with government mandates and best practices, such as ISO 31000, COSO and OMB circulars A-11, A-123, A-50 and A-133
Becoming a Risk-Informed Organization
ERM should not be a standalone process, but an integrated element of an organization's performance management system. ERM should support business planning cycles, such as budgeting and strategic planning, to guarantee progress in identifying and managing risks. In other words, as ERM is implemented and matured over time, activities will become risk-informed, and key business decisions will be improved by considering risk impacts as part of the process. Specifically, an integrated ERM process will generate information in four key areas to help inform the key decisions:
- Strategic Risk Understanding: Are the enterprise strategic risks adequately understood?
- Strategic Risk Tolerance: Which strategic risks should be accepted? Which should be reduced?
- Strategic Risk Management: Which treatments will be most efficient and effective in reducing risk? When and how will they be implemented?
- Risk Management Optimization: Are performance measures and the implementation status monitored to inform which treatments should be increased, decreased or eliminated in subsequent cycles to optimize risk reduction across the enterprise?
Traditionally, an organization's approach to ERM tends to be internally focused on governance and compliance-oriented risks in the areas of financial reporting, taxes, information security, human resources, fraud and legal. While these are undoubtedly important areas to consider as part of ERM, the ABS Group approach takes a broader perspective using its technical subject matter experts to identify both internal and external events that could threaten an organization's viability, including:
- Natural hazards
- Major accident hazards
- Security hazards
- Unfavorable economic conditions
- Competition in the marketplace
- Compliance failures
- Governance failures
We call this Adaptive ERM, an approach that makes business activities more risk-informed. The end result is that risk impacts are considered part of a process that can improve decision-making and, in turn, business results.
Discover more insights in our articles, "Complying with OMB Circular A-123: The Push for Enterprise Risk Management" and "Redefining Enterprise Risk Management."