Article
Enhancing ERM: Moving beyond the traditional risk assessment
Dec. 17, 2024 · Authored by Corey Parker, John A. Rogula, Travis Allison
This is the second leg of our journey through the world of enterprise risk management (ERM). In our previous webinar, we explored how to build a strong foundation with ERM essentials. Continuing that journey in our most recent webinar, we dove deep into the process of enhancing your enterprise risk assessment (ERA) beyond the traditional approach.
Naturally, the first question we must consider is—what is a traditional approach to enterprise risk assessments?
At its core, there are three components of a traditional risk assessment: risk identification and gathering, risk analysis and prioritization, and outcomes and reporting.
In a traditional enterprise risk assessment approach, the shortfalls of each component are plentiful: they’re overly manual, often burdensome, require months to complete, are subject to human error and use a right-here, right-now approach without a strategic and integrated view that truly encompasses the risk environment across the entire enterprise.
A traditional enterprise risk assessment approach isn’t all bad (there’s a reason it’s the traditional method, after all) … but there’s certainly room for improvement. And that’s where an enhanced approach comes into play.
Building upon the traditional method, an enhanced approach to enterprise risk assessments incorporates five risk identification tools and techniques:
When infusing these attributes into the traditional approach, those same three components (risk identification/gathering, risk analysis/prioritization and outcomes/reporting) become far more robust.
o Risk names and definitions
o Scenarios of concern
o What performance measures would be impacted if the risk materialized?
o How would you know the risk is occurring (measurement)?
o What are you doing to mitigate the risk? What else should you consider doing?
o What do you believe is the needed response (enhance, manage, watch)?
As seen above, a critical aspect of an enhanced approach to enterprise risk assessments is risk integration. By risk integration, we mean not siloing your enterprise risk assessment but rather conducting it in coordination with other risk and business functions across the enterprise (compliance and internal audit). The goal is to place less strain on the business, and specifically on the participants in the process, so they’re not completing three or four or five separate risk assessments across multiple risk functions.
This integration lets you see, across your organization, whether and where you’re building consistency in your risk definitions, identifications and tolerance profiles. It allows for a singular, consistent domain for building out a tailored risk universe. It helps you better understand root causes/drivers and coordinate the development of enterprise mitigation strategies to reduce said risks to acceptable levels.
And when you think about risk prioritization, if you’re utilizing consistent scales (on likelihood, impact, management preparedness and velocity) across all risk functions, you’re standardizing this process, enterprise-wide, and allowing for consistent reporting and an enhanced level of clarity and understanding of your risk environment from top to bottom.
Embracing an enhanced approach to enterprise risk assessments is not a simple, one-size-fits-all endeavor. But moving beyond the traditional approach—through collaborative tools, external risk scanning, cross-functional integration and properly leveraging technology—can help elevate both the results and value of your risk assessments.
Whether you’re a seasoned risk professional or just starting your journey, we encourage you to take the next step toward an enhanced approach. Let’s go there, together.
To explore tech-enabled enterprise risk assessments—including a hands-on demo of various collaboration tools—and to examine possible ERA outputs, reimagined risk assessment processes and more, watch our on-demand webinar above.