In this article, Richard Sharman, who heads KPMG's Enterprise Risk Management (ERM) team, considers the key elements of an ERM framework, provides guidance on how business leaders can assess where their organisation is in relation to the concept, and illustrates some methods that can be employed to move their organisations forward.
What is Enterprise Risk Management?
Risk management is rapidly moving up the corporate agenda. Due to a combination of regulatory and other external pressures, such as globalisation, e-business and stakeholder expectations, the pressure is on senior management to make the previously ad hoc and informal risk management process more explicit, and to formally review its effectiveness.
Enterprise Risk Management (ERM) represents the model around which organisations are presently seeking to achieve best practice and utilise risk activity as a driver to enhanced performance. Furthermore, the approach to risk that Enterprise Risk Management promotes is one that is increasingly expected by shareholders, financial markets and wider stakeholder groups.
ERM focuses on proactively managing risk across organisations, encompassing strategic, operational, reputation, regulatory and information risks. Whilst there are differing models and perspectives of how Enterprise Risk Management should be engaged, many agree that it is:
* a top-down approach,
* based on, and supportive of, organisational strategy,
* focused on new ways of managing and optimising the risks of highest importance to the board and management.
A simple definition of Enterprise Risk Management would be:
The corporate-wide application of risk management, supported by a framework and toolkit that delivers aggregated risk information to protect, release and create value.
Moving well beyond the tradition of mitigating risk toward risk portfolio optimisation (determining organisational appetite, seizing opportunities and capitalising on the rewards that result), risk management is now being perceived as a new means of strategic business management.
What we present here is KPMG's current ERM model. We understand that the implementation of this approach may appear challenging for many organisations. But as we shall see, development can be managed on a linear, staged basis - and succeeds best when existing procedures are retained and built upon.
A framework for ERM
New ERM models maintain that risk management strategy should be aligned with organisational strategy, its vision, mission, objectives and initiatives for growth and development. In doing...