
Practice Aid: Enterprise Risk Management. Guidance For Practical Implementation and Assessment, 2018. Edition No. 1. AICPA

  • Book

  • 64 Pages
  • January 2019
  • John Wiley and Sons Ltd
  • ID: 5225555

This publication includes invaluable guidance for anyone responsible for or advising on an enterprise risk management process (ERM), whether the process is in its early stages or is already well established. This resource will help ensure the ERM process is well designed, well executed, and ultimately successful. Global, economic, and regulatory conditions as well as everyday internal risks can affect business operations, so it is important to have a process in place that identifies these events and manages risks. This guide leverages the concepts of existing frameworks as a foundation for providing illustrative examples, best practices, and guidance for implementing or assessing an enterprise risk management process.

Table of Contents

1 Overview of the Enterprise Risk Management Publication 1
    I. Introduction 1
    II. Who Should Use This Publication 2
    III. Conceptual Basis for This Publication 2

2 ERM Benefits, Concepts, and Components 3
    I. Benefits of a Successful ERM Program 3
    II. ERM Concepts 4
        Definition of ERM 4
        Risks and Opportunities 4
        Risk in Strategy and Objective-Setting 4
        The Importance of Taking an Enterprise or Portfolio View of Risk 5
        Risk Appetite, Risk Tolerance, and Risk Profile 5
        Risk Inventory 6
        Emerging Risks 6
        Integration and Embeddedness 6
    III. Components of an ERM Program 6
        1.0 Governance and Culture 7
        2.0 Strategy and Objective Setting 8
        3.0 Performance 9
        4.0 Review and Revision 13
        5.0 Information, Communication, and Reporting 13

3 ERM Roles and Responsibilities 15
    I. Organization Roles 15
        Board or Equivalent Roles 15
        Organization Management 16
        Internal Auditors 16
    II. The Role of External Parties in the ERM Process 17

4 ERM Program Development 19
    I. Mobilize 19
        Establishing Appropriate Sponsorship and Resourcing 20
        ERM Sponsorship 20
        Commitment of Resources 20
        Establishing Roles and Responsibilities 21
        Program Governance 21
        Planning and Launch for an Initial Program Development Phase 21
        Timeline 21
    II. Current State Analysis 22
        Current State Considerations 22
        Creating an Initial Inventory of Activities and Outcomes and Gathering Documentation 23
        Timeline 24
    III. Future State Operating Model Design 24
        Peer and Industry Analysis 24
        Developing a Target ERM Operating Model and Framework 25
        Developing the ERM Risk Appetite and Risk Tolerances 25
        Linking Current ERM Activities to the ERM Program Plan 27
        Documenting ERM Policies 27
        ERM Program Scalability and Related Considerations 27
        ERM Program Technology Considerations 27
        Timeline 28
    IV. Gap Analysis 28
        Preliminary Observations 28
        Recommendations 29
        Timeline 29
    V. Implementation and Reporting 29
        Developing Implementation Roadmap and Project Plan 30
        Designing Program Performance Measures and Reporting 30
        Communication and Training 30
        Changes to the Implementation Plan 30
        Timeline 31

5 ERM Program Evaluation and Continuous Improvement 33
    I. ERM Program Evaluation 33
        Approach to an ERM Program Evaluation 33
    II. Continuous Improvement 34
        Approach to Continuous Improvement 34
        Commitment to Continuous Improvement 36

Glossary of Terms 37

Appendix A - COSO and ISO 31000 Framework Mapping 39

Appendix B - Example ERM Program Maturity Self-Assessment 45

Appendix C - References 51