We will provide your company with expertise, advice and hands on involvement needed to implement an Enterprise Risk Management system (ERM).
ERM is an evolving discipline that companies are using to ensure that risk management becomes pervasive throughout an organization. It essentially “enshrines the notion of risk” within the management function, to ensure that ongoing decisions and planning are made with an awareness and appreciation of the risks involved. With a systematic and structured risk management approach in place, the company can be comfortable that its business activities fall within its risk appetite or profile, and that risk mitigation plans have been carefully considered and put into action. Without risk management, companies will almost certainly be exposed to undue risks and unforeseen events.
For a more detailed discussion on risk management and what Edelkoort Smethurst Schein CPA’s LLP can do for your company, please refer to Resources – Risk Management. However, the following are key components of an ERM system:
Components of Enterprise Risk Management
- Internal Environment
- Objective Setting
- Event Identification
- Risk Assessment
- Risk Response
- Control Activities
- Information and Communication
By following a systematic approach with each of these components, a company will have an established ERM in place to manage risks. Similar to other key processes such as strategic planning and C-SOX, the ongoing follow up and maintenance is every bit important as the implementation itself. It should be noted that ERM pertains to a wide array of potential issues that a company may face. In recent years, financial reporting risk has garnered a lot of focus and resources and, thanks to SOX and C-SOX, this particular risk has been addressed and mitigated. The limitation of C-SOX is that risks that do not impact financial statements are not relevant. ERM takes a much broader view by examining all significant risks that exist throughout an organization such as competitors, regulation, currency etc. (see below for a recent list of Top 10 Risks). By following this systematic approach, a company will be able to identify risks, implement programs to reduce risks (if applicable), link these major risks into the strategic and business planning processes, communicate risks throughout the organization, and have a method to monitor risks on an ongoing basis.
In our opinion, there is a logical connection between, risk management, strategic planning and C-SOX. They are all excellent tools for managing a company, and we would encourage all companies to adopt these processes. They will ensure that your company is operating at its highest level of effectiveness and efficiency, while avoiding catastrophic risks.
Feel free to call for a consultation about Risk Advisory services.