Implementing Enterprise Risk Management:
A Practical Approach

What you will gain from this seminar:


  1. Enterprise Risk Management
  2. The COSO ERM Framework
  3. Risk management challenges and emerging practices
Benchmark your risk management practices
  1. Four real world case studies
Practice the core elements of risk management

Be able to:

  1. Introduce the risk management discipline to your organization
  2. Enhance your risk management practices
  3. Play a leading role in your organization’s move towards enterprise risk management


Two-Day Seminar Outline

Risk Management Basics
- ERM origins and drivers
- The risk management process – basic
- The new understanding of risk

ERM – An Integrated Framework: what you need to know about it
- Benchmark your organization

ERM: A Practical Approach and Two Real-World Examples
- Conclusions from the IIA research report Four Approaches to Enterprise Risk Management
- The right way to implement ERM
- Robust ERM at a major financial services firm
- The minimalist approach at a Fortune 500 manufacturing firm

Internal Environment
- Internal environment factors & issues
- Techniques to foster the desired environment
- A Tool to measure the internal environment: Ameritech
- Self-assessment survey: keys to success, caveats, things to consider
- Exercise: develop survey statements for internal environment

Objective Setting
- Alignment of strategic, operational, financial, compliance objectives
- SMART objectives
- Exercise: set objectives for an organization
- Risk appetite and risk tolerance

Event Identification
- Events: risks and opportunities
- Techniques for identifying events
- Event categories: examples
- Exercise: develop event categories
- Exercise: identify events for your objectives

Risk Assessment
- Inherent and residual risk
- Qualitative and quantitative risk assessment techniques
- Exercise: select techniques for risks you identified
- Risk maps
- Aggregating risks – portfolio view

ERM: Real-World Example
- Simple, practical, bottom-up approach at Texas State Comptroller

Risk Response and Control Activities
- Risk response: avoid, reduce, share, accept
- Exercises: risk response
- Control activities:

  • Some useful concepts
  • Control activities are changing
  • COSO/CoCo and soft controls
  • “Working inventory” of soft controls

Information & Communication; Monitoring
- Enterprise risk & assurance software
- Monitoring risk management techniques: guidelines and tips
- Exercise: monitoring
- Separate evaluations: Canada Post example
- Continuous monitoring: example

ERM: Real-World Example
- The Evolution of ERM at Aquila

ERM Issues
- Enterprise risk management architecture
- Sample risk management policy
- Risk management culture, implementation guidelines and tips
- A diagnostic tool to evaluate the maturity of risk management
- Internal audit’s role in ERM