Certified Public Accountants
& Business Consultants

Focus on Business Advisory Services: Approaches to Successful Enterprise Risk Management Programs

Contact Our Team

Enterprise Risk Management, commonly known as ERM, is the identification and mitigation of risks associated with a company’s strategic goals. An organization must align strategic goals and resources when implementing and maintaining a successful risk management program.
March 7, 2011

Enterprise Risk Management, commonly known as ERM, is the identification and mitigation of risks associated with a company’s strategic goals. An organization must align strategic goals and resources when implementing and maintaining a successful risk management program.

Effective Risk Strategy

  • Effective ERM integrates with strategic planning in the following areas:
    • Financial/Operational – Defines how much and what type of value the organization must create to satisfy shareholders and stakeholders.
    • Customer – Describes the value proposition the organization promises to deliver to its customers and why customers should buy from the organization, rather than rival competitors.
    • Process – Describes how the organization will efficiently and effectively deliver value promised to customers.
    • Learning and Growth – Identifies the resources required to enable the organization’s employees to achieve strategic objectives.
  • Utilizes all disciplines within an organization
    • Too often the responsibility of risk management is placed upon a few individuals within an organization. ERM assigns risk management responsibilities to all departments within an organization, and empowers all employees to consider the likelihood and impact of both internal and external risks.
  • Focuses on Continuous Improvement
    • Continuous improvement challenges organizations to constantly evaluate the effectiveness of its processes and provide value to its customers. A successful ERM framework will promote continuous improvement by regularly reviewing key risks and key risk mitigation actions/strategies.

Why is ERM Important Now?

  • Uncertain economic future
    • The uncertainty of the overall condition of the US and global economies increasingly emphasizes the need for risk management, and the achievement of strategic goals.
  • Risk management is a top priority for Boards
    • Poor risk management practices have been blamed for the credit crisis and ensuing global financial meltdown. Institutions and regulators suggest that risk previously was simply reported, rather than managed.
    • SEC mandate requiring enhanced disclosure regarding risk, compensation, and corporate governance for proxy and other informational statements.

Benefits of an Effective ERM Program:

  • Align and integrate risk management practices
  • Reduce unacceptable performance variability
  • Build confidence of investment community
  • Enhance corporate governance
  • Successfully respond to changing business environment
  • Align risk taking strategy with corporate culture

RubinBrown’s ERM 4 Phase Approach:

Phase 1: Understand the Organization’s Expectations and Strategic Objectives

  • Understand the organization’s strategic direction
  • Analyze common industry risks and competitors
  • Identify or analyze key performance indicators, drivers, and processes associated with strategic plans
  • Define impact and likelihood profile factors

Phase 2: Define Key Risks and Risk Environment Assessment

  • Identify specific goals, objectives, and drivers to the strategic plans
  • Identify the risks to achieving the specific goals, objectives, and drivers
  • Develop risk indicators for each risk identified
  • Perform a management assessment of the risk universe

Phase 3: Develop/Assess Key Risk Mitigation

  • Link key risks to the organization’s current activities, processes, and locations
  • Align key risks to the appropriate risk indicators
  • Evaluate mitigation strategies and recommend improvement as needed

Phase 4: Communication and Continuous Monitoring

  • Develop continuous organization-wide monitoring program over identified risks
  • Develop risk management and reporting model consisting of:
    • Responsible personnel (“risk owners”) for monitoring risks and risk indicators
    • Monitoring timeline which defines the frequency of assessment and reporting
    • Reporting requirements, includes the methods of gathering information from all risk owners and adjusting mitigation strategies as needed

Success Factors:

  • Ensure ERM approach and infrastructure match the organization structure and style
  • Educate continuously
  • Align with strategy of the organization
  • Establish executive and board commitment
  • Assemble the strongest team possible
  • Continuously improve risk management by focusing on business performance
  • Develop quantification process to measure risk impact to value
  • Coordinate enterprise-wide response to the most significant risks
  • Sustain risk management and use it to create business value


    Under U.S. Treasury Department guidelines, we hereby inform you that any tax advice contained in this communication is not intended or written to be used, and cannot be used by you for the purpose of avoiding penalties that may be imposed on you by the Internal Revenue Service, or for the purpose of promoting, marketing or recommending to another party any transaction or matter addressed within this tax advice. Further, RubinBrown LLP imposes no limitation on any recipient of this tax advice on the disclosure of the tax treatment or tax strategies or tax structuring described herein.

    All Enterprise Risk Management News                             Enterprise Risk Management Services


    For further information, contact: