Ten steps to enterprise‐wide risk management
Abstract
Purpose
The purpose of this paper is to discuss the objectives of enterprise‐wide risk management (ERM), the Committee of Sponsoring Organizations (COSO) ERM Framework, and outline a method to implement ERM in organizations.
Design/methodology/approach
This paper delineates ten steps organizations can use to develop a viable ERM system for any organization.
Findings
It is highly recommended that a high‐level risk officer with visible support from senior and board level executives has a separate function to oversee the development of an ERM department.
Practical implications
Although the internal audit department has a large role in evaluation and monitoring the ERM system, it is management's responsibility to develop a strong ERM function that ties corporate strategy, the budget, controls, and the entity's performance measurement systems to risk management.
Originality/value
The cost to the entity of implementing and maintaining of an ERM system is grossly out‐weighed by the results and knowledge gained in evaluating, assessing, and overseeing risk to insure achievement of strategic objectives over the short‐ and long‐term life of the organization.
Keywords
Citation
Burnaby, P. and Hass, S. (2009), "Ten steps to enterprise‐wide risk management", Corporate Governance, Vol. 9 No. 5, pp. 539-550. https://doi.org/10.1108/14720700910998111
Publisher
:Emerald Group Publishing Limited
Copyright © 2009, Emerald Group Publishing Limited