Enterprise risk management (ERM) is an integrated, forward-looking and process-oriented approach to managing all key business risks and opportunities - not just financial ones - with the intent of maximizing value for the enterprise as a whole. KnowledgeLeader provides policies, tools, articles, and other resources to help you:
- Understand enterprise risk management;
- Develop risk management and risk assessment checklists, policies and procedures;
- Understand current risks;
- Discover best practices to mitigate risk;
- Reduce business risk in all areas.
Articles from thought leaders share techniques and approaches, providing ideas, best practices and actionable advice. Select one of the areas below to view a sample of the risk management and risk assessment information available on KnowledgeLeader. We have also provided summaries of other risk-related articles and tools that are available with a free trial or subscription.
Below you will find just a few examples of the KnowledgeLeader materials focused on Enterprise Risk Management:
Risk Oversight and Risk Management Questionnaire
Risk oversight and risk management are a high priority on the agenda of most organizations. The purpose of this questionnaire is to help boards and management think about how they can develop a deeper knowledge of the risk oversight and risk management processes, understanding both the current state and desired future state.
Credit Risk Policy
This sample credit risk policy outlines a set of policies and procedures formalizing the credit risk management process, the goal of which is to: protect against any unwarranted customer or counterparty credit exposures; maintain credit risk at a manageable level; and identify and avoid a material credit failure (of a significant value, which would impact earnings).
Enterprise Assessment and Monitoring Procedures
This document establishes a consistent process for scheduling and managing IT security assessments. The general steps outlined cover the various types of assessment and provide guidelines for monitoring security compliance across the organization's system and network environments.
Enterprise Business Risk Management Process - Overview Framework
Enterprise business risk management is illustrated broadly in this framework. It is a continuous process of establishing risk management objectives, assessing risks within the context of established tolerances, developing strategies and implementing risk management processes, and monitoring and reporting upon those processes.
Enterprise Risk Management Interview Questionnaire
The ultimate goal of Enterprise Risk Management (ERM) is to evaluate total returns relative to total risks, leading to more informed business decisions. This questionnaire can be used when assessing an organization’s enterprise risk management strategy. It focuses on the internal environment, objective setting, event identification, risk assessment, risk response, control activities, and information and communication.
Enterprise Risk Management Project Plan - Sample Risk Management Plan
Enterprise Risk Management (ERM) requires clear risk management goals and objectives, linked to business objectives and strategies. This document is a sample project plan utilized during the planning phase of implementing ERM across an organization. The project plan supports a phased implementation approach detailing tasks, deliverables, and a project timeline.
ERM Summary Approach – Guide
Identifying, understanding and evaluating the organization’s most significant risk areas will set the foundation for a robust ERM program. This guide outlines an approach to building ERM capabilities that includes the following components: planning, facilitated risk discussion, risk analysis, external verification, management review and gap assessment.
Fraud Prevention and Detection Audit Work Program
This fraud prevention audit work program can be used by internal auditors as an evaluation tool or converted into a questionnaire for use with management to better understand current fraud prevention and detection program activities.
Human Resources Risk Management Presentation
This short risk management guide helps define human resources risk, and identify the major HR processes and sub-processes where risks occur.
Job Description: Chief Risk Officer - Sample 3
This sample job description sets out the requirements for the position of Chief Risk Officer.
Managing Outsourcing and Offshoring Risk – Questionnaire
As companies focus on managing their operations in a difficult economic environment, they seek to become leaner and more focused, efficient and effective. This outsourcing risk questionnaire focuses on questions for board members and management to consider when managing risks related to outsourcing or offshoring business activities.
Risk Assessment Survey Template - Sample
The goal of Enterprise Risk Management is to identify, evaluate and manage key risks impacting an organization’s ability to achieve its objectives and strategies. This risk assessment template provides a template to inventory and assess critical risk areas (business functions) and the associated risks embedded within each area. The results can be used to help develop an internal audit plan. The results may also be included in the risk assessment report provided to the audit committee.
Risk Management Oversight Committee Charter
The purpose of the risk management oversight committee is to monitor the organization’s risk environment and provide direction for the activities to mitigate, to an acceptable level, the risks that may adversely affect the company’s ability to achieve its goals. This risk management oversight charter serves as an example document outlining this committee’s various responsibilities.
Using Risk Management Frameworks
This risk management framework presentation defines and describes various types of internal controls. Then it reviews control frameworks including COSO, COSO ERM, and COBIT. Finally, it describes the elements and implementation of an enterprise risk management solution.
The Combined Code of Corporate Governance (Turnbull Report) - UK
The Combined Code of Corporate Governance challenged directors of listed companies to raise their game on business risk management. To help companies respond, in 1999 the Institute of Chartered Accountants in England and Wales (ICAEW) Internal Control Working Party, chaired by Nigel Turnbull, published Internal Control: Guidance for Directors on the Combined Code ("the Turnbull report"). The Turnbull guidance was updated in October 2005.
Assessing Risk: A Strategic Perspective
Strategic risks, arising from internal process issues and disruptive change in the external business environment, can be lethal because they may not be known to management and the board. This issue of Board Perspectives: Risk Oversight discusses how strategic risk analysis can help senior management understand the critical assumptions underlying the strategy, and how contrarian analysis can be used to challenge those assumptions.
The Evolving Risk Landscape
This issue of Board Perspectives: Risk Oversight discusses the World Economic Forum’s report on global risks, which include five categories: economic, environmental, geopolitical, societal and technological. How do such global forces impact your organization, and are you prepared?
Role of Technology in the Risk Assessment Process
The internal auditor needs to consider issues of risk at a number of levels in the course of fulfilling the internal audit mandate. This article will focus on technology’s critical role in this process. Technology offers the ability to examine entire populations of transactions and business activities – on a timely basis – to look for indicators of risks that are not effectively mitigated or controlled.
Risk Management and Mapping at Sequana
Sequana Group is a leader in the paper industry based in Paris, France. In this profile, Alexander Danjou, Group Internal Audit Director at Sequana Group, discusses the need to reinforce its compliance with French financial regulations related to internal control and risk management procedures. To meet this requirement, Danjou and his team began focusing on updating and rebuilding their risk mapping strategies.
Internal Auditing Around the World
Protiviti’s publication Internal Auditing Around the World - Volume IV continues to detail internal audit best practices, processes and strategies being employed at some of the world’s most successful companies. The 19 companies profiled represent different regions, industries and markets. Their internal audit functions operate with only a handful of full-time personnel – some staff members working on-site, others based in different business units and distant locations.
Managing Reputation Risk
Reputation risk is a complex concept. As a prerequisite for doing business, reputation is like a ticket to a concert or sporting event – you can’t get in without it. Ultimately, the CEO and the board own the responsibility to protect the enterprise’s reputation. This newsletter provides questions for the board to consider.
Oversight of Information Technology Risk
The rapidly changing technological environment exposes many industries and business models to disruptive change. This issue of Board Perspectives: Risk Oversight addresses the implications of this changing environment from a board risk oversight standpoint and provides suggestions to help boards enhance their oversight of information technology risk.
Assessing Current Capabilities and Areas for Improvement Among Today’s Internal Auditors
Bob Hirth reviews key findings from Protiviti's 2010 Internal Audit Capabilities and Needs Survey.
Assimilating Governance into your ERM Process
In an increasingly risky world, the discipline of risk management is moving steadily beyond the tactical level as organizations take a fresh look at enterprise risk management (ERM) and explore how best to assimilate governance into their ERM process. Integrating governance and ERM is not a new idea. The two processes have long been intertwined conceptually. Since integration is so vital to the success of ERM, this article focuses on assimilating governance into the ERM process.
Building an internal audit function at Cadence Design Systems
Cadence Design Systems, Inc. is the world's leading electronic design automation technologies and engineering services company. In this profile, John Springer, director of internal audit and compliance at Cadence, discusses how the internal audit group was formed in response to the emergence of Sarbanes-Oxley regulations, and how it was internal audit’s role to program Sarbanes-Oxley compliance processes throughout the business. Springer also describes the cultural shift within the organization around accepting and understanding the presence of an internal audit function.
Enterprise Risk Management in Practice – Profiles of Companies Building Effective ERM Programs
With the increased interest in enterprise risk management (ERM), it made sense to compile examples of how different companies in the United States, Europe and Japan are improving their risk management capabilities. In this publication, 11 companies are profiled, each discussing how ERM is integrated into its operations. In producing the profiles, several common themes emerged that demonstrate why and how companies across multiple industries are improving their risk management capabilities. Each of these profiles is also published as a stand-alone publication in the Performer Profiles area on KnowledgeLeader.
Enterprise Risk Management and Board Risk Oversight – A Tale of Two Surveys from COSO
This Enterprise Risk Management and Board Risk Oversight podcast reviews the results of two just-released research studies from the Committee of Sponsoring Organizations of the Treadway Commission (COSO). One, which COSO commissioned Protiviti to conduct, offers a look at where boards of directors currently stand in executing their risk oversight responsibilities. The second, conducted by the Enterprise Risk Management Initiative at North Carolina State University, assesses the current state of enterprise risk oversight and market perceptions of COSO’s ERM Framework.
Exception Management Explained
The growing need for “exception management” capabilities among organizations of all sizes stems from a steady flow of new regulatory compliance and risk management requirements in recent years. These requirements force process owners to incorporate more rigorous compliance and risk-monitoring into their activities. This need, combined with the evolution of business analysis requirements, has given rise to continuous auditing and continuous monitoring, particularly at companies committed to getting the most valuable bang for their internal audit buck.
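The "Role of Technology in the Risk Assessment Process" and "Exception Management Explained" entries above both turn on the same idea: rather than sampling, run a set of exception rules over the entire population of transactions on a schedule and surface only the records that trip a rule. The script below is an added example written for this page, not KnowledgeLeader or Protiviti material; the journal entries, the rules, and the thresholds (a 5,000 approval limit, a 10% "just below the limit" band, a 48-hour window, 08:00-18:00 weekday business hours) are all constructed assumptions chosen for illustration.

```python
"""Continuous-monitoring exception rules over a full population of journal
entries. Added example for illustration; the sample entries, rules and
thresholds below are constructed assumptions, not real data or any
specific product's logic."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample population (not real transactions).
ENTRIES = [
    {"id": 1, "vendor": "ACME", "invoice": "INV-100", "amount": 4990.00,
     "created_by": "jdoe", "approved_by": "mlee", "posted": "2024-03-04T10:15:00"},
    {"id": 2, "vendor": "ACME", "invoice": "INV-100", "amount": 4990.00,
     "created_by": "jdoe", "approved_by": "mlee", "posted": "2024-03-05T09:40:00"},
    {"id": 3, "vendor": "ACME", "invoice": "INV-101", "amount": 4975.00,
     "created_by": "jdoe", "approved_by": "mlee", "posted": "2024-03-05T09:42:00"},
    {"id": 4, "vendor": "Globex", "invoice": "G-77", "amount": 12000.00,
     "created_by": "rkim", "approved_by": "rkim", "posted": "2024-03-09T23:30:00"},
    {"id": 5, "vendor": "Initech", "invoice": "IT-5", "amount": 300.00,
     "created_by": "rkim", "approved_by": "mlee", "posted": "2024-03-06T14:00:00"},
]

# Assumed control parameters; a real deployment takes these from policy.
APPROVAL_THRESHOLD = 5000.00          # amounts at/above this need a second approver
SPLIT_BAND = 0.10                     # flag amounts within 10% below the threshold
SPLIT_WINDOW = timedelta(hours=48)    # ...when several hit one vendor in this window
BUSINESS_HOURS = range(8, 18)         # 08:00-17:59, Monday to Friday


def _ts(entry):
    return datetime.fromisoformat(entry["posted"])


def rule_duplicate_invoice(entries):
    """Same vendor + invoice number posted more than once (duplicate payment)."""
    seen = defaultdict(list)
    for e in entries:
        seen[(e["vendor"], e["invoice"])].append(e["id"])
    return [{"rule": "duplicate_invoice", "entry_ids": ids}
            for ids in seen.values() if len(ids) > 1]


def rule_split_purchase(entries):
    """Several just-below-threshold entries to one vendor in a short window,
    the classic pattern for splitting a purchase to dodge approval."""
    lower = APPROVAL_THRESHOLD * (1 - SPLIT_BAND)
    near = defaultdict(list)
    for e in entries:
        if lower <= e["amount"] < APPROVAL_THRESHOLD:
            near[e["vendor"]].append(e)
    findings = []
    for group in near.values():
        group.sort(key=_ts)
        i = 0
        while i < len(group):
            j = i
            # Extend the cluster while entries stay inside the window of the first one.
            while j + 1 < len(group) and _ts(group[j + 1]) - _ts(group[i]) <= SPLIT_WINDOW:
                j += 1
            if j > i:
                findings.append({"rule": "split_purchase",
                                 "entry_ids": [e["id"] for e in group[i:j + 1]]})
            i = j + 1
    return findings


def rule_segregation_of_duties(entries):
    """The same user both created and approved the entry."""
    return [{"rule": "segregation_of_duties", "entry_ids": [e["id"]]}
            for e in entries if e["created_by"] == e["approved_by"]]


def rule_off_hours_posting(entries):
    """Posted on a weekend or outside business hours."""
    out = []
    for e in entries:
        t = _ts(e)
        if t.weekday() >= 5 or t.hour not in BUSINESS_HOURS:
            out.append({"rule": "off_hours_posting", "entry_ids": [e["id"]]})
    return out


RULES = (rule_duplicate_invoice, rule_split_purchase,
         rule_segregation_of_duties, rule_off_hours_posting)


def run_monitoring(entries):
    """Run every rule over the whole population; return the exception list."""
    findings = []
    for rule in RULES:
        findings.extend(rule(entries))
    return findings


def findings_by_rule(findings):
    """Group exception entry-id lists by rule name for reporting."""
    grouped = defaultdict(list)
    for f in findings:
        grouped[f["rule"]].append(f["entry_ids"])
    return dict(grouped)


if __name__ == "__main__":
    for f in run_monitoring(ENTRIES):
        print(f"{f['rule']:<22} entries {f['entry_ids']}")
```

Run against the constructed population, the duplicate rule pairs entries 1 and 2, the split rule clusters 1, 2 and 3 (all within 10% of the limit to one vendor inside 48 hours), and entry 4 trips both the segregation-of-duties and off-hours rules. The same record showing up under several rules is deliberate: the reviewer sees every reason a record was flagged, and rules are kept independent so one can be tuned without touching the others.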
Guide to Enterprise Risk Management: Frequently Asked Questions
In today’s challenging global economy, organizations need to identify, assess, manage and monitor their business opportunities and risks. The concept of enterprise risk management (ERM) helps elevate the focus of risk management from the tactical to the strategic level. The purpose of this publication is to address some of the most commonly asked questions about ERM. It offers ideas, suggestions and insights to executives responsible for ERM implementation.
Internal and external forces shape risk management at Akzo Nobel
Akzo Nobel, based in the Netherlands, is a global Fortune 500 company serving customers through its three business segments - human and animal healthcare, coatings and chemicals. In this Enterprise Risk Management profile, Dick Oude Alink, corporate risk manager, discusses how the company’s diverse and decentralized business landscape lends itself to risk management. Oude Alink also describes the company’s risk management Knowledge Center, which ensures risk-related information is timely, accurate, and readily available at all levels of the organization.
Managing Contract Risks: Third-Party Contract Audits
As outsourcing becomes more prevalent, management’s expectations of service providers will rise – going beyond simply requiring reliable operations to demanding a true business partner who provides a competitive advantage. Utilizing stringent contract management and detailed contract audit procedures can help deliver the value management expects from outsourced arrangements.
Relevance to Sarbanes-Oxley Compliance
This section of Protiviti's “Guide to Enterprise Risk Management: Frequently Asked Questions" addresses common questions about the relevance of Sarbanes-Oxley compliance. Topics covered include: Does the Sarbanes-Oxley Act of 2002 require companies to adopt ERM? Are there any other laws and regulations mandating ERM? Can ERM assist certifying officers with the discharge of their Section 302 certification and Section 404 assessment responsibilities? And, should management broaden the focus on compliance to managing business risk?
Management of business risks has become an increasingly important issue. In this article, Protiviti’s Dr. Gabriel Kuhn presents background information on risk measurement and risk estimation, and shows several quantification methods for the four main risk types: credit risk, market risk, liquidity risk and operational risk.
The Elephant in the Room – Understanding the Audit Challenges of Project Risk
The value of internal audit as a critical component of corporate governance and risk management is an undisputed fact. However, within an ever-growing audit universe, there is an elephant in the room that often escapes notice during audit planning but can have significant implications for the business if left unaddressed. Part one of this two-part series introduces that elephant: the need for risk management oversight and monitoring of project risk. The final part of the series discusses the traps to avoid when reviewing project risk and internal audit’s growing role in this area.
Proactive Risk Management with SAP BusinessObjects – Leveraging Technology to Gain Enterprise Transparency and Rapid Insight into Changing Business Conditions
“What is the totality of our enterprise risk?” That’s a question being raised more often in today’s boardrooms as organizational leadership comes to realize that effective enterprise risk management (ERM) entails more than just the monitoring of financial risk. While financial risk is still an ongoing concern, enterprises also must be vigilant about identifying and being prepared to respond proactively to a wide range of risk, such as: strategic risk; environmental- or health-related risk; political/geopolitical risk; operational risk; and legal and compliance risk.
Regulatory Intelligence: Leveraging Technology to Maintain Compliance Efficiently and Effectively
Regulatory compliance ranks among the top challenges for organizations today. Whether it is Sarbanes-Oxley, anti-corruption legislation or the many financial regulations being reformed worldwide, companies face a seemingly endless list of laws and requirements they must comply with or face severe penalties. They also face the challenge of doing so without crippling their revenues and profits. In this episode, Protiviti Managing Director Scott Gracyalny talks about the importance of regulatory intelligence and of leveraging technology to achieve compliance efficiently and accurately.
Securing the Cloud—Governance, Risk and Compliance Issues Reign Supreme
While acknowledging the many benefits that cloud computing solutions bring, it is important to note that recent research has identified a myriad of potential governance, risk and compliance (GRC) issues. This article informs the potential cloud adopter not only of the technological benefits but also of the security, privacy and related GRC issues that need to be prioritized, managed and mitigated before full implementation occurs.
Technology Investment: Achieving Balance Between Business Requirements and Regulatory Compliance
Today, with most enterprises having achieved initial compliance, the effort is shifting toward a critical phase: Companies now strive to maintain ongoing compliance while working to drive down cost and improve overall business performance. The effective CIO must now strive to balance aspects of IT growth, business alignment, risk mitigation, operational efficiency and compliance.
Understanding, Defining and Managing Risk Appetite
In the wake of a global financial crisis that changed the economic landscape and how companies worldwide operate, a key area of focus for boards and executive management has been risk appetite. What is a company’s tolerance for undertaking risk? What is the difference between just enough and too much? In this podcast, Managing Directors Cory Gunderson and Michael Schuchardt talk about risk appetite and how it can create competitive advantage.
Veritas – Risk management and audit services at Harvard University
Founded in 1636, Harvard University is one of the most venerable institutions of higher learning in the U.S. In this profile, Gail McDermott, chief audit executive of the Risk Management and Audit Services function at Harvard, discusses three key team initiatives. These include developing an internal control structure that supports globalization efforts, application of SAS 112, and promoting ethics and accountability across the University.
KnowledgeLeader also helps you find the best links to other ERM and Risk Assessment related resources on the web. Here are a few examples.
COSO Enterprise Risk Management - Integrated Framework
The framework defines essential enterprise risk management components, discusses key ERM principles and concepts, suggests a common ERM language, and provides clear direction and guidance for enterprise risk management. Engaged by COSO to lead the study, PricewaterhouseCoopers was assisted by an advisory council composed of representatives from the five COSO organizations.
IRMI: The Risk Analysis and Insurance Training Company
IRMI provides advice and strategies for risk management, insurance, and legal professionals. This website includes an online library of risk and insurance publications, conferences, webinars, and seminars.
OCEG
OCEG is a nonprofit organization that uniquely helps organizations drive Principled Performance™ by enhancing corporate culture and integrating governance, risk management, and compliance processes via guidelines and standards, a community of practice, and evaluation criteria and benchmarks.
Risk and Insurance Management Society
The Risk and Insurance Management Society, Inc. is a professional organization dedicated to advancing the practice of risk management, a professional discipline that protects physical, financial and human resources.
RiskCenter
RiskCenter is a web-based syndicated news service devoted exclusively to providing financial risk professionals with the inside scoop on breaking economic, political and financial stories, as well as the risk strategies required to measure and manage these risks. RiskCenter sources its information from federal banks, treasury units and international agencies, for example, as well as from internal sources.
The Risk Management Association (RMA)
Helping Financial Institutions Manage Risk Enterprise-Wide. In today’s world, managing risk has become a necessity, not an option. The Risk Management Association (RMA), a member-driven professional association, helps banking and nonbanking institutions identify and manage the impacts of credit risk, operational risk, and market risk on their businesses and customers. They achieve this through education, research, networking, and leadership opportunities.