Enterprise Risk Management & Risk Assessments
Historically, risk assessments within an organization have been viewed as isolated activities that were focused on narrow risk areas such as financial, safety and compliance, security, or continuity planning. They often did not address risk in a comprehensive, holistic manner.
The best-run organizations are now adopting an Enterprise Risk Management (“ERM”) methodology, which provides a more structured, disciplined and holistic approach to identifying and managing risk. IRSL uses ERM methodology to enable our clients to better match and align risks with strategies, goals and objectives. In addition, IRSL’s risk assessment methodology can have a profound impact on the culture of an organization by emphasizing the areas in which risk is accepted, understood, and embraced as part of everyday operations.
The three elements of risk assessment are:
• Risk Identification: Determining what is at risk and from what sources.
• Risk Measurement: Determining the consequences of the risk (and to a lesser extent, the likelihood of its occurrence).
• Risk Prioritization: Determining the appropriate resources to manage the risk.
Enterprise Risk Assessment Critical Factors
Five critical factors for success of an enterprise risk assessment, and the subsequent implementation of an internal audit plan, are:
1) Ability of the project approach and work plan to adapt as required.
2) Focus of the project on the operational, regulatory and financial processes that pose the largest potential risk to the organization.
3) The analysis of risk is at sufficient levels of breadth and depth to facilitate a comprehensive understanding.
4) The professionals performing the assessment have the appropriate level of experience and can make the necessary determinations.
5) Active involvement of Executive Management in all aspects of the project including the identification of risks and strategic factors and the evaluation of risk mitigation processes and residual risk levels.