Corporate Compliance Insights

The Role of Executive Management in ERM

by Jim DeLoach
August 13, 2014
in Risk

Ultimate responsibility for ERM starts at the top. However, everyone who matters within an organization should participate in the ERM process.

While several executives have significant responsibilities for ERM, including the Chief Risk Officer, Chief Financial Officer, Chief Legal Officer and Chief Audit Executive, the ERM process works best when all key managers of the organization contribute. The COSO ERM framework states that managers of the organization “support the entity’s risk management philosophy, promote compliance with its risk appetite and manage risks within their [respective] spheres of responsibility consistent with risk tolerances.” Therefore, identifying leaders throughout the organization and gaining their support is critical to successful implementation of ERM.

A goal of ERM is to incorporate risk considerations into the organization’s agenda and decision-making processes. This means that ultimately, every manager is responsible, which can only happen when performance goals, including the related risk tolerances, are clearly articulated, and the appropriate individuals are held accountable for results.

The COSO framework states that the CEO “is ultimately responsible and should assume ownership” over the implementation of ERM. Because ERM, as COSO defined it, is integral to running and managing a business, the CEO’s involvement is vital to the success of ERM.

For example, an effective ERM process affects the organization’s risk culture because it establishes an environment where people can raise their hands and express concerns about a deal, transaction, project or business plan without fear of retribution. This kind of open and positive environment is not possible without the CEO’s active and visible support. The CEO sets the tone by asking the tough questions about risk and risk management and by demonstrating a commitment to raise the focus of risk management to a strategic level.

A point that is often omitted in this discussion is that it is important to the CEO that he or she be involved in the process. The CEO’s active participation keeps the focus at a strategic level. The CEO wants to know the answers to such questions as:

  • What is it that we don’t know that could erode or cause irreparable harm to our reputation and brand image?
  • What are the soft spots in our business plan that could result in failure to deliver the financial results we expect?
  • What are the critical assumptions underlying our strategy over the planning horizon? Are we monitoring the external environment for changes that could render one or more of those assumptions invalid?
  • If we were to lose a key component of the supply chain or distribution channel, would we be able to continue operations? If not, how long would it take to recover?
  • Are there any unknown exposures to events that can abruptly shift the organization’s agenda to “damage control” in a heartbeat should they occur?
  • If such exposures exist, what can be done cost effectively to prevent these potential future events from happening, and how will our organization respond should the events occur?
  • Based on the answers to the above questions, what do we do differently going forward?

ERM can help supply the CEO with answers to these and other questions, if he or she is sufficiently involved to ensure the process is appropriately focused on the strategic and reputation risks that matter. In summary, support from the top is vital to an effectively functioning ERM process.

Opportunity-seeking behavior is invigorated if senior management possesses the confidence that they understand the related risks and have the capabilities in place to manage those risks. In a rapidly changing world, traditional risk management approaches will not be effective because they are fragmented, treating risks as disparate events and easily compartmentalized in silos. While the tight focus of traditional risk management activities on loss prevention is not a bad thing, neither is it a good enough thing because the activities are not adequately integrated with the identification, evaluation and pursuit of growth opportunities. Moreover, current risk management approaches are too firmly rooted in the command-and-control era, which means they may not effectively balance the desire for control with the need for agility, responsiveness and cross-functional cooperation. That is why executive management must own the ERM process.

An enterprise-wide approach to business risk management will help executives meet the challenges they face by improving the linkage of risk and opportunity during the strategy-setting process and positioning risk management as a differentiating skill in managing the business. The COSO framework provides insights into the question of how executive management evaluates the application of ERM within the organization. The four categories of objectives, the extent of application (across the entity and its divisions and business units) and the eight components of ERM, as defined by the COSO framework, provide the basis for that evaluation. Executive management must evaluate the appropriate ERM process and supporting infrastructure the organization needs in place to realize its chosen risk management vision, goals and objectives.

Every ERM solution is impacted by technology in various ways. Enterprise software solutions are informational tools that act as an enabler for ERM, particularly for purposes of managing non-financial risks. As companies configure risk measurement systems to work seamlessly with enterprise performance management systems, they will consolidate much more information. The most elegant solution is to leverage the existing executive reporting system as much as possible. Depending on the complexity and strategic importance of these systems and the number of internal stakeholders involved, the CIO will play a key role in this integration process.

As they focus on investment and return, on opportunity and reward and on competitive advantage and growth, CEOs and their management teams must pursue promising – though uncertain – opportunities in the face of changing market conditions. They must be in a position to confidently assure investors and other stakeholders that the organization is managing risk effectively. They must also comply with applicable laws and regulations. An effective ERM process can assist them in accomplishing these objectives.


Jim DeLoach

Jim DeLoach, a founding Protiviti managing director, has over 35 years of experience in advising boards and C-suite executives on a variety of matters, including the evaluation of responses to government mandates, shareholder demands and changing markets in a cost-effective and sustainable manner. He assists companies in integrating risk and risk management with strategy setting and performance management. Jim has been appointed to the NACD Directorship 100 list from 2012 to 2018.
