The Elements of Enterprise Risk Management

Risk Advisory/Internal Audit

By Angela Gillis

Enterprise risk management, when designed and operating effectively, serves to promote the achievement of an organization’s strategies and goals. For an enterprise risk management framework to be robust and sustainable, the following key elements must be embedded within the framework:

  • Risk Governance
  • Risk Appetite
  • Risk Management Techniques

Risk Governance
A well-established risk governance structure requires an active and engaged Board of Directors supported by an experienced senior management team and a risk management group that is independent of the business lines. The Board of Directors should ensure that decision-making is aligned with the organization’s strategies, goals and risk appetite. Executive management is responsible for risk management under the oversight of the Board. The business lines should be responsible for both the development and execution of business plans and their alignment with the organization’s risk management framework, and be accountable for the risks they incur.

Risk Appetite
Risk appetite is the level of risk that an organization is prepared to accept, before action is deemed necessary to reduce it. Precise measurement of risk appetite is not always possible and will sometimes be defined by a broad statement of approach. Your organization may have an appetite for some types of risk and be averse to others. Regardless, the Board should receive regular updates on the key risks to the organization.

Risk Management Techniques
A type of risk management technique commonly used is a risk measurement reporting which aggregate various measures of risk across products and businesses, and is used to ensure compliance with policies, limits and guidelines. They also provide clear statement of the amounts, types and sensitivities of the various risks in the organization’s portfolios. Senior management and the Board use this information to understand the organization’s risk profile.

In conclusion, the value of risk management in an organization cannot be easily calculated. It is the management of risks that, if they were to come to fruition, could impact your organization in a variety of ways, some of which could potentially put one out of business. Initial risk management programs will never be perfect. Practice, experience and actual loss results will necessitate changes. The Schneider Downs Internal Audit and Risk Advisory Services practice can help you build your fundamental risk management program, maximizing your strengths and minimizing your risks. 

© 2013 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.

This advice is not intended or written to be used for, and it cannot be used for, the purpose of avoiding any federal tax penalties that may be imposed, or for promoting, marketing or recommending to another person, any tax related matter.

You’ve heard our thoughts… We’d like to hear yours

The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at contactSD@schneiderdowns.com.

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2019 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.