ERM 5

Cards (40)

  • Enterprise Risk Management (ERM)

    A formal and structured approach to managing risks that could impact an organization's objectives and operations
  • ERM Organizational Structure
    • Has a strong vertical component descending from the Board through the Board Risk Oversight Committee, the CEO, the Risk Management Executive Team, down through all the levels of the dedicated Risk Management function
    • Supplemented by related control functions carried out by the Compliance, Legal, Financial Control, Treasury, and Internal Audit departments, as well as other committees
    • Supporting risk routines and responsibilities should be distributed throughout the organization, to all departments and staff
  • Board of Directors (BOD)
    Provides an oversight role to risk management activities including the periodic review and approval of the ERM Policy, ERM Framework and ERM Process through the BROC
  • Board Risk Oversight Committee (BROC)

    • Assists the Board in fulfilling its responsibility for oversight of the organization's risk management activities
    • Sets the risk appetite of the organization
  • Chief Executive Officer (CEO)

    • The ultimate risk executive, essentially responsible for ERM priorities, strategies and policies
    • Heads the RMET, which sets the direction and leads the decision-making
    • Ensures that sufficient resources are allocated to pursuing ERM initiatives, strategies and action plans
    • Reports to the BROC on a regular basis on ERM related matters
    • The ultimate "risk owner" of all the critical risks
  • Risk Management Executive Team (RMET)

    • The ERM think tank
    • Defines risk priorities
    • Aligns risk policies and strategies with overall company plan
    • They are the primary risk owners
  • Chief Risk Officer (CRO)

    • Is the champion of the ERM process in the organization
    • Develops, implements risk management process, tools and methodologies
    • Analyzes, develops and executes policies and reports risks
    • Submits risk report to the RMET and BROC
    • Monitors the implementation of the risk management strategies and action plans
  • Risk Management Unit (RMU)

    • Composed of the different Risk Leaders and Risk Owners that support the Risk Management Executive Team (RMET) in the implementation of the ERM process
    • Suggests to the RMET the development of additional ERM Policies and other related guidelines
    • Supervises, supports, and incorporates the ERM processes across the organization in coordination with the RMET, Risk Leaders, and Risk Owners
    • Gathers and evaluates the risk reports provided by the Risk Leaders and Risk Owners and monitors the status of risk management strategies and action plans
    • Organizes the sharing of best practices across the organization
    • Supports the Chief Risk Officer (CRO) in preparing the ERM reports and materials to be presented to the RMET and the Board Risk Oversight Committee (BROC)
    • Drives the continuous improvement of the organization's current ERM Process
  • Risk Leaders
    • Leads the Risk Owners under each identified risk in the consistent execution and continuous improvement of the risk mitigation strategies in the ERM processes
    • Constantly reviews and provides updates on the behavior of the critical risk and ensures that emerging risks are identified and included
    • Guides the Risk Owners in making reports to be forwarded to the CRO and RMET
  • Risk Owners
    • Has the responsibility for and ownership of the assigned risk and interrelated risks
    • Actively participates in the risk identification process of the organization
    • Performs risk prioritization, analysis, development of strategies and action plans, and coordinates with other Risk Owners
    • Assesses and communicates the progress of the risk management strategies and action plans to the Risk Leaders and CRO
  • All Personnel
    • Maintains awareness of and consciousness about ERM, as well as how the identified risks will impact their roles and responsibilities in the organization
    • Embeds risk management as part of their everyday activities
    • Executes the formulated risk management strategies to ensure the achievement of the organization's objectives and the successful execution of its strategies
    • Communicates to their immediate superiors any risk that they cannot manage
    • Reports emerging risks/opportunities to the Risk Leader in the course of the risk management execution
  • Internal Audit
    • Provides an independent assessment of the effectiveness of the ERM framework, processes, and the strategies formulated to treat the risks identified
    • Gives assurance on the risk management process and assurance that the risks are correctly evaluated
  • The Philippine SEC, in its Memorandum Circular No. 19, Series of 2016, discussing the Code of Corporate Governance for Publicly-Listed Companies, recommends that the Board should establish a separate Board Risk Oversight Committee (BROC) that should be responsible for the oversight of a company's Enterprise Risk Management system to ensure its functionality and effectiveness
  • Board Risk Oversight Committee (BROC)

    A specialized committee of a company's board of directors responsible for overseeing the organization's risk management processes
  • BROC
    • Typically composed of independent directors who have the expertise and experience to assess and mitigate the various risks facing the organization
    • Plays a crucial role in ensuring that the company has effective risk management policies and procedures in place and that these are aligned with the organization's strategic objectives
    • Monitors the implementation of risk management initiatives and regularly reports to the board on the organization's risk profile and the effectiveness of its risk management efforts
  • Duties and responsibilities of the BROC
    1. Develops a formal enterprise risk management plan
    2. Oversees the implementation of the enterprise risk management plan through a Management Risk Oversight Committee
    3. Evaluates the risk management plan to ensure its continued relevance, comprehensiveness and effectiveness
    4. Advises the Board on its risk appetite levels and risk tolerance limits
    5. Reviews at least annually the company's risk appetite levels and risk tolerance limits
  • Common language of risk
    A standardized set of terms and definitions used to communicate about risks within an organization
  • Risk register
    A document used in risk management to record and track potential risks that could affect a project, program, or organization
  • Risk appetite
    The level of risk that an organization is willing to accept while pursuing its objectives, and before any action is determined to be necessary in order to reduce the risk
  • Risk tolerance
    The degree, amount or volume of risk impact that an organization or individual is willing to withstand
  • The Board Risk Oversight Committee primarily advises the board because the board of directors holds ultimate responsibility for overseeing the organization's activities, including risk management
  • The BROC reviews at least annually the company's risk appetite levels and risk tolerance limits based on changes and developments in the business, the regulatory framework, the external economic and business environment and when major events occur that are considered to have major impacts on the company
  • The Board Risk Oversight Committee (BROC) collaborates with departments such as IT, operations, legal, and finance to identify potential risks
  • Intellectual Property Theft
    Identified Risk
  • Likelihood of Occurrence
    Moderate to High
  • Estimated financial impact
    Substantial, potentially running into millions of dollars
  • Based on the assessment of risks, financial impact, and likelihood of occurrence, BROC identifies cybersecurity threats as a priority area of concern for EME Corporation
  • BROC
    • Provides oversight over Management's activities in managing credit, market, liquidity, operational, legal and other risk exposures of the corporation
    • Regularly receives information on risk exposures and risk management activities from Management
  • Credit Risk Management
    BROC monitors lending activities, counterparties' credit ratings, and loan delinquencies
  • Market Risk Management
    BROC assesses exposures to interest rates, forex, equities, and commodities
  • Liquidity Risk Management
    BROC receives and analyzes liquidity position, funding sources, and stress testing results
  • Operational Risk Management
    BROC reviews incident reports, operational risk assessments, and key risk indicators
  • Legal and Compliance Risk Management
    BROC reviews the legal and compliance issues, regulatory developments, and pending litigation matters
  • Material risk exposure
    A quantitative or qualitative scenario where the exposure to danger, harm or loss has a material impact (e.g., potential class action lawsuit, death related to product usage, etc.)
  • By concentrating on material risks, BROC reporting ensures that the board of directors can prioritize its attention and resources effectively, addressing the most critical threats to the organization's success
  • The appointment of a Chief Risk Officer (CRO) has become increasingly prevalent, reflecting a growing recognition of the importance of proactive risk management strategies in mitigating threats and seizing opportunities
  • Chief Risk Officer (CRO)

    • Provides strategic guidance to help executive leadership make informed decisions that align with the company's risk appetite and long-term objectives
    • Develops and implements risk management frameworks and policies tailored to the company's specific needs, ensuring that risks are identified, assessed, and addressed systematically
    • Champions a proactive approach to risk management, helping companies anticipate and address potential threats before they escalate into major issues
  • Other responsibilities of the Chief Risk Officer (CRO)
    • Developing risk maps and strategic action plans to address primary threats effectively
    • Monitoring and tracking the progress of risk mitigation efforts undertaken by the organization
    • Generating and disseminating risk analyses and progress reports to executives, board members, and employees
    • Integrating strategic risk management priorities into the company's overarching strategic plan
    • Formulating and executing information assurance strategies to safeguard against and manage risks associated with data usage, storage, and transmission
    • Evaluating potential disruptions to business processes resulting from employee errors or system failures and devising strategies to minimize associated risks
    • Identifying and quantifying the level of risk that the company should accept, known as risk appetite
    • Keeping stakeholders and board members updated on the business's risk profile and assessments
  • The Chief Risk Officer cannot single-handedly eliminate all risks within an organization. Their role is to provide insights, guide decision-making processes, and develop effective risk management strategies
  • The CRO's primary responsibility is to foster a culture of risk awareness and resilience and ensure systematic risk identification, assessment, and mitigation throughout the organization