Corporate Compliance Insights

The Role of Executive Management in ERM

by Jim DeLoach
August 13, 2014
in Risk

Ultimate responsibility for ERM starts at the top. However, everyone who matters within an organization should participate in the ERM process.

While several executives have significant responsibilities for ERM, including the Chief Risk Officer, Chief Financial Officer, Chief Legal Officer and Chief Audit Executive, the ERM process works best when all key managers of the organization contribute. The COSO ERM framework states that managers of the organization “support the entity’s risk management philosophy, promote compliance with its risk appetite and manage risks within their [respective] spheres of responsibility consistent with risk tolerances.” Therefore, identifying leaders throughout the organization and gaining their support is critical to successful implementation of ERM.

A goal of ERM is to incorporate risk considerations into the organization’s agenda and decision-making processes. This means that ultimately, every manager is responsible, which can only happen when performance goals, including the related risk tolerances, are clearly articulated, and the appropriate individuals are held accountable for results.

The COSO framework states that the CEO “is ultimately responsible and should assume ownership” over the implementation of ERM. Because ERM, as COSO defined it, is integral to running and managing a business, the CEO’s involvement is vital to the success of ERM.

For example, an effective ERM process affects the organization’s risk culture because it establishes an environment where people can raise their hands and express concerns about a deal, transaction, project or business plan without fear of retribution. This kind of open and positive environment is not possible without the CEO’s active and visible support. The CEO sets the tone by asking the tough questions about risk and risk management and by demonstrating a commitment to raise the focus of risk management to a strategic level.

A point often omitted in this discussion is that the CEO's own involvement in the process matters to the CEO personally. The CEO's active participation keeps the focus at a strategic level. The CEO wants to know the answers to such questions as:

  • What is it that we don’t know that could erode or cause irreparable harm to our reputation and brand image?
  • What are the soft spots in our business plan that could result in failure to deliver the financial results we expect?
  • What are the critical assumptions underlying our strategy over the planning horizon? Are we monitoring the external environment for changes that could render one or more of those assumptions invalid?
  • If we were to lose a key component of the supply chain or distribution channel, would we be able to continue operations? If not, how long would it take to recover?
  • Are there any unknown exposures to events that can abruptly shift the organization’s agenda to “damage control” in a heartbeat should they occur?
  • If such exposures exist, what can be done cost effectively to prevent these potential future events from happening, and how will our organization respond should the events occur?
  • Based on the answers to the above questions, what do we do differently going forward?

ERM can help supply the CEO with answers to these and other questions, if he or she is sufficiently involved to ensure the process is appropriately focused on the strategic and reputation risks that matter. In summary, support from the top is vital to an effectively functioning ERM process.

Opportunity-seeking behavior is invigorated if senior management possesses the confidence that they understand the related risks and have the capabilities in place to manage those risks. In a rapidly changing world, traditional risk management approaches will not be effective because they are fragmented, treating risks as disparate events and easily compartmentalized in silos. While the tight focus of traditional risk management activities on loss prevention is not a bad thing, neither is it a good enough thing because the activities are not adequately integrated with the identification, evaluation and pursuit of growth opportunities. Moreover, current risk management approaches are too firmly rooted in the command-and-control era, which means they may not effectively balance the desire for control with the need for agility, responsiveness and cross-functional cooperation. That is why executive management must own the ERM process.

An enterprise-wide approach to business risk management will help executives meet the challenges they face by improving the linkage of risk and opportunity during the strategy-setting process and positioning risk management as a differentiating skill in managing the business. The COSO framework provides insights into the question of how executive management evaluates the application of ERM within the organization. The four categories of objectives, the extent of application (across the entity and its divisions and business units) and the eight components of ERM, as defined by the COSO framework, provide the basis for that evaluation. Executive management must evaluate the appropriate ERM process and supporting infrastructure the organization needs in place to realize its chosen risk management vision, goals and objectives.

Every ERM solution is impacted by technology in various ways. Enterprise software solutions are informational tools that act as an enabler for ERM, particularly for purposes of managing non-financial risks. As companies configure risk measurement systems to work seamlessly with enterprise performance management systems, they will consolidate much more information. The most elegant solution is to leverage the existing executive reporting system as much as possible. Depending on the complexity and strategic importance of these systems and the number of internal stakeholders involved, the CIO will play a key role in this integration process.

As they focus on investment and return, on opportunity and reward and on competitive advantage and growth, CEOs and their management teams must pursue promising – though uncertain – opportunities in the face of changing market conditions. They must be in a position to confidently assure investors and other stakeholders that the organization is managing risk effectively. They must also comply with applicable laws and regulations. An effective ERM process can assist them in accomplishing these objectives.

Jim DeLoach

Jim DeLoach has over 35 years of experience and is a member of Protiviti’s Solutions Leadership Team. With a focus on helping organizations respond to government mandates, shareholder demands and a changing business environment in a cost-effective and sustainable manner, Jim assists companies in integrating risk and risk management with strategy setting and performance management. Jim has been appointed to the NACD Directorship 100 list from 2012 to 2017.