Enterprise Risk Management



Maged Farouck Hanna is currently the Managing Director and CEO of SELEM DMCC. He previously held the position of General Manager of the Society of Engineers – UAE, where he was responsible for the strategic development of the organization. Mr. Maged has conducted pioneering work. Being a versatile, energetic person, Mr. Maged has established various partnerships and accreditations with international professional associations, accrediting bodies and International Test Centers, including certification to ISO 9001 and ISO 14001. He has led more than 100 initiatives towards enhancing organizational effectiveness. He has established various international conferences and congresses.


ERM Frameworks Defined

Enterprise risk management (ERM) concerns the ability of a firm to comprehend, prevent, and clarify the extent of the risks it is likely to encounter in pursuing its business strategies (Fraser & Simkins, 2010). In essence, understanding and controlling risks are fundamental activities that enhance accountability, thereby increasing stakeholders' confidence. The dynamic business environment across all sectors has necessitated the application of ERM to sustain economic growth. ERM frameworks, therefore, help to identify, measure, control, and report on the key risks that face most organizations. The risks and opportunities can arise from the internal and external environments; they may be financial, accidental, operational, or strategic losses (Acharyya, 2010). ERM frameworks provide structured approaches that support the scope and depth of an organization's undertakings. Since risks differ, enterprises adopt specific risk response strategies to address the risks that have been identified and analyzed. The main response strategies are acceptance, reduction, sharing or insuring, avoidance, and alternative actions. According to Enterprise Risk Management (ERM) (2010), acceptance involves taking no action to avert a risk because a cost-benefit analysis does not justify one. Reduction involves taking the measures necessary to decrease the consequences that may follow from the risk taken. Sharing or insuring involves distributing the magnitude of the risk among other institutions to assist in financing it. Avoidance, on the other hand, is exiting the undertakings that would give rise to the risk. Lastly, alternative actions involve opting for other feasible strategies to mitigate the effect of the risks on an enterprise's earnings and capital (Yeo & Ren, 2009).
Management in each organization has the sole role of monitoring the operation of these risk response strategies; this helps in determining whether they meet their targets. As part of its internal control activities, management has to understand how each risk response strategy works, as well as assess the analytical findings of the relevant specialists.

Casualty Actuarial Society (CAS) Framework

CAS defines ERM as a discipline that provides organizations in all sectors with the means to assess, regulate, finance, monitor, and exploit risks from all sources in order to increase stakeholders' confidence in the firm (Mehta, 2010). For stakeholders to gain and maintain confidence in an organization, management must ensure that both the short-term and the long-term value of the organization are at an all-time high. According to CAS, ERM has two significant dimensions, namely risk types and the risk management process (Sutton, 2006). Strategic risks, financial risks, hazard risks, and operational risks are the risk types proposed by CAS. Organizations have to identify and analyze such risks. For instance, competition in a dynamic market and customer satisfaction are essential factors that an enterprise has to be aware of to avert loss-making scenarios.

Under the risk management process, there are seven vital steps that organizations have to follow in order to address the different types of risk (Schiller & Prpich, 2013). The first step is the establishment of context; it involves understanding the present situation in which a firm operates from both an external and an internal risk management perspective (Altman, 2004). Risk identification comes second; it collects the possible sources of threats that can hamper the operations of a business and looks into ways that can help a firm gain a competitive advantage over its competitors. Risk analysis, integration, and assessment are the third, fourth, and fifth stages respectively. The sixth step, risk treatment, involves developing strategies to curtail the risks (Hampton, 2009). The last stage is the reviewing and monitoring of risks; it entails repeated study of the risks and of their management strategies (Rouse, 2010).

COSO ERM Framework

The Committee of Sponsoring Organizations (COSO) holds that ERM is a process that management initiates in order to recognize significant aspects that can affect the organization. Through this process, organizations are able to manage risks so as to offer assurance to their stakeholders and shareholders regarding their goals and objectives (Olson & Wu, 2008). The process, as COSO observes, is applied across the management system of the organization to aid in setting inclusive strategies. According to the 1994 amendment of the COSO Internal Control-Integrated Framework, four objectives and eight components form the base of the framework (Olson & Wu, 2010). Compliance, financial reporting, strategy, and operations are the four objectives that help organizations to contain the risks facing them, as well as take advantage of existing opportunities (Enterprise risk management: integrated framework, 2004). The eight components are the internal environment, objective setting, event identification, risk assessment, risk response, control activities, information and communication, and monitoring.

RIMS Risk Maturity Model

This model sets out detailed procedures for the requirements of effective and sustainable management of risks within organizations (Minsky, 2009). The RMM is an umbrella structure for seven elements that generate utility and value for enterprise risk management in a business, hence instilling confidence in stakeholders (Mcneil, 2013). Organizations use this model to ascertain whether the entity's risk management strategy is meeting its objectives. Therefore, it helps organizations to make significant recommendations to upgrade the risk management program (Minsky, 2014). According to Gladden (2012), the RIMS Risk Maturity Model is a systematic guide that helps organizations in implementing, improving, and measuring the adoption of ERM practices as put forward by COSO and ISO.

Implementing an ERM Program

Since effective ERM processes assist firms in responding to changes in a dynamic market, effective implementation of an ERM program is indispensable for success. An ERM program helps in identifying and managing the specific risks of different departments (Fox, 2012). Organizations planning to benefit from the ERM process should be prepared to capitalize on the opportunities that arise from changes in the market, as well as to minimize risky ventures (Martin, 2012). In the implementation process, firms ought to define what they expect to gain from ERM. Afterwards, a deep comprehension of the various frameworks and standards should take place; these approaches will help organizations to mitigate risks (Miccolis, 2003).