Basic Components of an Enterprise Risk Management Framework
ERM Component | Description | Positive Example(s) |
---|---|---|
Established Risk Culture | This is the tone at the top that sets the basis for how risk is viewed and addressed by an organization’s stakeholders at all levels. The organization defines an enterprise-wide philosophy for risk management and risk appetite that is grounded in integrity, ethics, and a good grasp of how various stakeholders are affected by the organization’s decisions. | |
Clear Objectives | An ERM program encourages the leadership team to set clear strategic, operations, reporting, and compliance objectives that support and align with the organization’s mission and are consistent with its risk appetite. | |
Risk Register | The organization documents all identified material risks. | |
Event Identification | The organization identifies internal and external events affecting achievement of objectives and distinguishes its risks from its opportunities. | |
Risk Assessment | The organization continuously analyzes risk, considering the likelihood and impact of various scenarios, and uses the results of the analysis as a basis for determining how to manage those risks. | |
Risk Response | Leadership evaluates possible responses to risks, selects a response (avoid, accept, reduce, or share risk), and develops a set of actions that align risks with the organization’s risk tolerance. | |
Control Activities | Leadership establishes and implements a set of policies and procedures to enable the organization to respond to risks effectively. | |
Information and Communication | The credit union identifies, captures, and communicates relevant information in a form and timeframe that enables stakeholders to carry out their responsibilities. It communicates key information about strategy and decision-making clearly and broadly throughout an organization. | |
Monitoring | Through ongoing management activities and/or separate evaluations, the organization monitors the entirety of risk management and makes modifications as necessary. | |
Last updated on August 23, 2022.