Solution
Enterprise Risk Management (ERM) is a plan-based business strategy that aims to identify, assess, and prepare for any dangers, hazards, and other potentials for disaster, both physical and figurative, that may interfere with an organisation's operations and objectives. The discipline not only calls for corporations to identify all the risks they must actively manage, but also involves making that plan of action available to all stakeholders, shareholders and potential investors as part of their annual reports. Industries such as aviation, construction, public health, international development, energy, finance and insurance all utilise ERM. The Committee of Sponsoring Organizations of the Treadway Commission (COSO) published an Enterprise Risk Management (ERM) standard in 2004. The COSO ERM cube is well known to risk management practitioners and provides a framework for undertaking ERM. It has gained considerable influence because it is linked to the Sarbanes-Oxley requirements for companies listed in the United States. ISO 31000 was published in 2009 as an internationally agreed standard for the implementation of risk management principles.
Solution
ERM is a process or methodology for enterprise-wide risk management. In common with most methodologies, it is not an exact science. Factors such as human error, imprecise calculations, incomplete information and breakdown of internal controls preclude a board and management from having complete confidence in the effectiveness of ERM.
The success of an ERM framework depends on a number of key factors:
- CEO and senior management commitment
- assignment of risk management responsibilities within the organisation
- allocation of appropriate resources for training
- the development of enhanced risk awareness by all stakeholders.
Choosing an appropriate framework involves both selecting a suitable risk framework and implementing it within the organisation. Some frameworks offer advantages, such as workbook materials and display slides, that may help the implementation process. Internal auditors can help management evaluate which frameworks are best suited to the organisation's needs. Related to that, the technology component is important as well. Many risk management software packages use a methodology that is not specifically based on the chosen framework; where that is the case, the resulting deficiencies can lead to difficulties. Technology should be built around the methodology and used in several ways. Another risk is that Human Resources is not integrated into the ERM system. From the Human Resources perspective, specific goal-setting tied to the success of ERM must be part of each individual's performance management plan; if this is not done, the implementation exercise could fail. The business strategy should be defined at the outset of the exercise, along with the organisation's mission and vision. The ERM process then flows forward from this strategy, and events are identified that may affect the achievement of the organisation's strategies and objectives (Schanfield/Helming, 2008).
Human Errors
To ensure that the framework suits an organisation, the human factor needs to be minimised. There are different types of human error, so the next section focuses on the different types and their impacts. One problem for both tools (GRC and the COSO cube) could be that not everyone is "on the same page". That is why the project team should develop a risk glossary at the beginning of the ERM implementation process, so the company can save money and time. The risk management team has to agree on definitions for risk, risk assessment, risk management, ERM, significance, likelihood, inherent risk and residual risk. It is then very important to define what risk really means for the entire organisation, because there are several different interpretations. Once the team shares a common understanding, it can proceed. Effective monitoring needs to ensure that the agreed-upon risk response is actually implemented and working. It is important to clarify monitoring responsibilities among internal audit, individual business managers, and the board. Software based on key performance metrics may be used to design an effective continuous monitoring process.
A risk-aware culture is necessary to ensure that the risk process becomes institutionalised within the organisation. More advanced risk identification techniques, such as control self-assessment, may be adopted eventually. Decisions and actions within the organisation must be viewed within the context of a team approach. Moreover, each team member's authority and responsibility for risk must be spelled out. The last step is to communicate the most important impacts to the rest of the organisation, so that the entire organisation understands the benefits it gains from implementing an ERM model (Schanfield/Helming, 2008).
Introduction:
An independent risk management function is the second line of defence. Its job is to complement the management activities of the business line. This function has a reporting structure independent of the risk-generating business lines and is responsible for the planning, maintenance, and ongoing development of the banking corporation's risk management framework.
One of its major duties is to challenge the adequacy of the business lines' inputs for risk management and risk measurement, the banking corporation's reporting systems, and the adequacy of the outputs obtained. Other compliance, monitoring, and control functions, such as the compliance and anti-money laundering officer, the Chief Accounting Officer, and control of financial reporting, are part of the second line of defence. A banking corporation shall define the interfaces between all functions that comprise the second line of defence to ensure coordination and cooperation.
Definition of terms:
Risk Management – the process of identifying and assessing risk, measuring and monitoring risk exposures, determining on an ongoing basis the appropriate capital requirements, monitoring and assessing decisions related to risk taking and risk mitigants, and reporting risk exposures and capital positions to senior management and the board of directors.
Main functions of an independent risk management function:
a. The risk management function identifies current and emerging risks to which an entity is exposed and how they are properly managed by the relevant functions. The function is also responsible for adjusting the risk profile to the risk appetite that the board has established. In terms of leading and coordinating risk-related actions, the independent risk management function is centralised, while prime responsibility for ongoing risk management belongs to business line management.
b. The independent risk management function is also responsible for assessing possible ways of managing risk exposures and shall, to the extent necessary, recommend ways to mitigate or hedge risk in order to limit exposures. This is very important because all possible risks need to be managed, and recommendations must be made on ways to curb each risk if it is encountered.
e. The independent risk management function is entitled to adequate resources in its planning and budgeting processes so that it can discharge its duties and exercise its powers, including adequate risk assessment capability and specifically human resources and internal information. For the department to function as a whole, it must be fully equipped with the required personnel and have adequate resources to execute every task assigned.