Enterprise-Wide Risk Management (ERM)
Enterprise Risk Management ("ERM") is the next generation of Sarbanes-Oxley ("SOX") and the Annual Financial Reporting Model Regulation ("AFRMR").
Unlike SOX and AFRMR, which primarily focus on risk mitigation surrounding the integrity of financial data, ERM focuses on three primary risk drivers: 1) risk identification and understanding; 2) risk acceptance and tolerance; and 3) risk management and mitigation surrounding all company data and functions. More than just a compliance initiative, ERM is a process facilitated by an organization's management and support personnel that is applied across the entire entity and is designed to identify and manage potential events (i.e., risks) that may have an adverse effect on the entity's ability to achieve its strategic objectives.
Put simply: “ERM is more than just mitigating known risks, it is understanding the nature and origin of potential risk and deciding if and how to take it on.”
The foundation of ERM is built on the Committee of Sponsoring Organizations of the Treadway Commission ("COSO") Internal Control-Integrated Framework (http://www.coso.org/). COSO established the most widely accepted understanding and definition of internal controls and risk management (i.e., the Gold Standard), which is the cornerstone for successfully managing enterprise-wide risk and developing an effective and sensible ERM process.
The Interactive Solution
Interactive Solutions, LLC believes that ERM is a proactive approach to understanding and preparing for what will occur in the future, not a reactive response to what has already transpired.
We have a myriad of professionals with extensive experience in assisting organizations with this understanding. Through experience, we have developed a logical approach (the "Solution") to implementing ERM which consists of tangible action items and tasks designed to take the ambiguity out of the process. Our Solution is outlined in the following Steps.
Step 1) Perform an Enterprise-Wide Risk Assessment
Objective:
Through discussions with management, determine and document the methodology for identifying what will be addressed in their ERM initiative.
Tasks: Phase 1
Information gathering (risk assessment activities, approach, background, regulatory reports).
Develop project plan, time line, and agree upon key deliverables.
Validate project plan and deliverables with management.
Identify preliminary risk language and develop risk inventory questionnaires.
Develop materials and hold education / risk awareness session(s) with Senior Management and / or Audit committee.
Deliverables: Phase 1
Project Planning Document.
Risk awareness session slides and / or materials.
Risk inventory.
Risk inventory questionnaire (for distribution to stakeholders and / or business units and for use in conducting interviews).
Tasks: Phase 2
Conduct risk assessment interviews with key members of management.
Compile results of interviews.
Execute 5 risk assessment facilitated workshops to identify, analyze, and prioritize key risks and strategies.
Develop and distribute a risk assessment survey.
Compile and analyze results of risk assessments and surveys for business units.
Deliverables: Phase 2
Interview summaries.
Risk surveys.
Tasks: Phase 3
Develop a risk map to prioritize key risks.
Assess the maturity of risk management strategies for the top 10 business risks.
Prepare a gap analysis and identify goals for improving risk management for the top 10 key business risks.
Define a high-level ERM implementation plan to improve risk management capabilities.
Finalize long-term implementation plan for ERM on a company-wide basis, including communication strategies for the board and management.
Prepare, review, and deliver final report.
Deliverables: Phase 3
A risk map to summarize and prioritize key risks.
Final assessment of the current state of risk management for key risks.
Gaps to be addressed to achieve desired future state for the top 10 key business risks.
High-level ERM implementation plans for the next 3 to 6 months to improve risk management capabilities for up to 10 risks.
Long-term implementation plan for ERM on a company-wide basis, including communication strategies for the board and management.
Step 2) Create Internal ERM Framework & Policy
Objective:
Through discussions with management, develop and document the internal ERM framework and policy utilizing the criteria established by the Committee of Sponsoring Organizations of the Treadway Commission ("COSO") Internal Control-Integrated Framework.
Tasks:
Develop a comprehensive ERM framework and governance policy.
Deliverables:
A comprehensive document outlining the internal requirements for adopting a comprehensive ERM strategy, including:
Roles / Responsibilities
Expectations of key management
Enforcement
Management and Board reporting
Step 3) Develop the Management Reporting Mechanism
Objective:
Assist management to develop a risk management dashboard for management and board reporting.
Tasks:
Identify key reporting metrics.
Draft a management "dashboard."
Circulate to management for review and comment.
Deliverables:
Management reporting "dashboard."