Implementing Enterprise Risk Management:
A Practical Approach

What you will gain from this seminar:


  • Enterprise Risk Management
  • The COSO ERM Framework
  • Risk management challenges and emerging practices
Benchmark your risk management practices
  • Four real world case studies
Practice the core elements of risk management

Be able to:

  • Introduce the risk management discipline to your organization
  • Enhance your risk management practices
  • Play a leading role in your organization’s move towards enterprise risk management


Two-Day Seminar Outline

Risk Management Basics
- ERM origins and drivers
- The risk management process – basic
- The new understanding of risk

ERM – An Integrated Framework: what you need to know about it
- Benchmark your organization

ERM: A Practical Approach and Two Real-World Examples
- Conclusions from the IIA research report Four Approaches to Enterprise Risk Management
- The right way to implement ERM
- Robust ERM at a major financial services firm
- The minimalist approach at a Fortune 500 manufacturing firm

Internal Environment
- Internal environment factors & issues
- Techniques to foster the desired environment
- A Tool to measure the internal environment: Ameritech
- Self-assessment survey: keys to success, caveats, things to consider
- Exercise: develop survey statements for internal environment

Objective Setting
- Alignment of strategic, operational, financial, compliance objectives
- SMART objectives
- Exercise: set objectives for an organization
- Risk appetite and risk tolerance

Event Identification
- Events: risks and opportunities
- Techniques for identifying events
- Event categories: examples
- Exercise: develop event categories
- Exercise: identify events for your objectives

Risk Assessment
- Inherent and residual risk
- Qualitative and quantitative risk assessment techniques
- Exercise: select techniques for risks you identified
- Risk maps
- Aggregating risks ― portfolio view

ERM: Real-World Example
- Simple, practical, bottom-up approach at Texas State Comptroller

Risk Response and Control Activities
- Risk response: avoid, reduce, share, accept
- Exercises: risk response
- Control activities:

  • Some useful concepts
  • Control activities are changing
  • COSO/CoCo and soft controls
  • “Working inventory” of soft controls

Information & Communication; Monitoring
- Enterprise risk & assurance software
- Monitoring risk management techniques: guidelines and tips
- Exercise: monitoring
- Separate evaluations: Canada Post example
- Continuous monitoring: example

ERM: Real-World Example
- The Evolution of ERM at Aquila

ERM Issues
- Enterprise risk management architecture
- Sample risk management policy
- Risk management culture, implementation guidelines and tips
- A diagnostic tool to evaluate the maturity of risk management
- Internal audit’s role in ERM