Enterprise Risk Management
The International Organization for Standardization (ISO 31000) defines:
Risk is the "effect of uncertainty of objectives" and risk management refers to "coordinated activities to direct and control an organization with regard to risk."
We prefer the definition suggested by James Lam (Enterprise Risk Management: From Incentives to Controls):
"Risk is a variable that can cause deviation from an expected outcome. ERM is a comprehensive and integrated framework for managing key risks in order to achieve business objectives, minimize unexpected earnings volatility, and maximize firm value."
These all impact on a business's Risk Profile. Typically a deviation occurs when a business moves from a current position to a new one. Risks are by their nature dynamic, fluid and highly interdependent.
An effective Enterprise Risk Management framework calls for increased levels of understanding, communication, consultation, monitoring and review throughout the process. To enable this, there has to be buy-in from the board/CEO and a centralized database/framework to provide honest information so that the best decisions can be made. It highlights where you sit on the “dial” on certain risks.
Where on the “dial” are you?
Source: Chartered Institute of Internal Auditors (2006)
Manage your financial, business and operational risk information quickly and easily. Senator Risk Management NZ recommends a modern risk management solution that follows Risk Standards (ISO 31000 & AS4360) and adopts the latest web browser technology. This allows information and analysis to be structured in a relevant way for boards, senior management or line managers.
Risk Wizard provides organisations with a centralised information system that replicates customer frameworks and work processes enabling risk, control and incident-related data to be easily logged, managed and dealt with. The system is web-browser based, easy to use and highly scalable.