Thursday, July 25, 2019

Enterprise risk management Literature review Example | Topics and Well Written Essays - 3000 words

ERM involves taking a proactive view of the entire business or organisation rather than looking at risk as simply a matter of special project overview to identify threats. It goes far beyond the typical SWOT analysis that looks at different weaknesses and threats and recognises the whole of the business as a functional unit that is inter-connected whereby multitudes of risk possibilities exist. This literature review describes what constitutes enterprise risk management, its major components and also provides an identification of how an ERM programme can be designed into virtually any industry.

2. Defining a stable ERM programme

Enterprise risk management is defined as: “The discipline by which an organisation in any industry assesses, controls, exploits, finances, and monitors risks from all sources for the purpose of increasing the organisation’s short- and long-term value to its stakeholders” (casact.org, 2003, p.8).

What makes ERM different from typical risk management programmes is that it recognises strategic imperatives, thus making it an ongoing part of strategic analysis often dictated by executive leadership and Board governance. Generally, risk management programmes are short-term objectives associated with special project teams, thereby somewhat ignoring the long-term prospects of risk mitigation in multiple areas of the business.

Kimmel & Anderson (2010) identify five specific elements of an ERM system to include:

1. Linking risk management to the organisation’s strategy, values and culture – This definition insists that enterprise risk management is linked to the operational and human capital components of the organisation and is tied directly to organisational structure and design.
2. Providing management with a comprehensive and repeatable knowledge base so as to understand how to identify and assess potential risk factors.
3. Assignment of specific roles and responsibilities tied to governance for ERM.
4. The ability to provide higher valued knowledge so that managers can make better operational and financial business decisions.
5. Providing risk-related knowledge so that auditing and monitoring is an ongoing part of the programme design.

Most organisations that utilise ERM systems recognise four categories of objectives in order to assist organisations in meeting long- and short-term strategic goals. These include, as offered by Moore (2010):

1. Strategic imperatives – These are high-level goals that help align the organisation to its overall mission and value proposition.
2. Operational components – Helping to achieve efficient and effective use of resources organisation-wide, such as marketing, production and accounting (as relevant examples).
3. Reporting – Reporting aspects include financial figures and overall business strengths as related to stakeholders and shareholders.
4. Compliance – Laws and regulatory compliance such as Sarbanes Oxley and other labour-related laws that drive business structure and operations.

These four objectives are part of the COSO model that is widely used in most organisations that have developed an ERM system, one of the most common models of ERM available. It is a comprehensive tool for identifying and managing risk factors (Moore, 2010). Enterprise risk management is beneficial to the business as it creates a teamwork
