Webinar
Foundational concepts for long-term success with ERM governance
Feb 07, 2025 · Authored by Corey Parker, Norris James
The third in Baker Tilly’s four-part enterprise risk management (ERM) webinar series, Enterprise risk management: Building an effective ERM governance structure, explores the process of advancing governance through the creation and continuous maintenance of mature risk management practices.
Review the first and second installments of this series, ERM essentials: Building a strong foundation and Enhancing ERM: Moving beyond the traditional risk assessment, to bolster your understanding of fundamental ERM concepts.
Whether you’re a seasoned risk professional or only now beginning your journey, this exclusive ERM webinar series from Baker Tilly delivers valuable takeaways.
Introduction to ERM governance
A structured approach to identify, assess, manage and monitor risks, ERM governance involves establishing policies, procedures and practices across all levels of an organization to integrate risk management and deliver value for stakeholders.
Appropriate ERM governance is foundational not only to the creation of a risk-aware culture, but also to its ongoing success by further ensuring risk management activities are aligned with the organization’s goals, objectives and risk appetite.
Through effective risk governance, ERM allows organizations to make optimal risk-taking decisions:
- Exercises board risk oversight
- Establishes operating structure
- Defines desired culture
- Demonstrates commitment to core values
- Attracts, develops and retains capable individuals
- Creates and reinforces consistent performance expectations
- Provides a monitoring and evaluation mechanism
Think about what are the goals and objectives that we're trying to achieve and what are those key performance indicators? What are those metrics that we're trying to achieve as we go through this process? That's a critical component to really understand and it flows down from the board through the entire organization.
Baker Tilly Risk Advisory
ERM roles and responsibilities
Participation from a broad range of stakeholders with defined roles in ERM governance, including ERM leaders and risk management professionals, general counsel, executive leaders, risk and audit committee members, board members, and internal audit, is essential for:
- Comprehensive risk assessment focusing on financial, operational, regulatory, external/environmental, strategic and technological risks
- Clear accountability to prevent overlaps and/or gaps for efficient risk mitigation
- Diverse input to enhance decision-making and foster a risk-aware culture
- Alignment of risk management activities with strategic objectives for long-term sustainability
- Effective communication and compliance to build stakeholder trust and enhance organizational resilience
Integrating risk governance
Integrating ERM governance is vital for long-term organizational success and sustainability. This comprehensive approach safeguards the organization from potential threats and enhances its ability to seize opportunities, thereby driving growth and competitive advantage.
Well-defined accountability along with clear risk management objectives and strategies aligned with board-approved risk expectations help ensure effective integrated risk governance. In addition, observable commitment from management will foster a supportive culture, ensuring compliance with external obligations. Adequate resources and well-defined processes are also essential for comprehensive risk oversight and organizational growth.
Successfully integrating ERM governance within any organization additionally depends upon the creation and maintenance of regular points of contact between key stakeholders:
- Boards and committees conduct joint sessions and provide regular interdepartmental updates
- Management and board/committees share assessments, plans and guidance to manage and mitigate risk
- ERM leaders and executive leadership collaborate to define risks and ensure response strategies align with organizational objectives and available resources
- General counsel and risk committees provide cohesive legal risk assessments, compliance updates and guidance on regulatory changes
- Internal audit monitors response strategies and evaluates the effectiveness of risk mitigation activities across the organization
By creating and protecting value for an organization where each of the stakeholders has a distinct set of responsibilities aimed at achieving the goals and objectives, each set of stakeholder groups can work together in this process to provide effective year-end governance.
Baker Tilly Risk Advisory
How to establish a risk governance framework
Creating a risk governance framework involves a systematic approach to identifying, assessing, mitigating and monitoring risks across an organization. One area of particular importance to this framework is your organization’s risk appetite. Outlining at the outset the types and levels of risk your organization is willing to accept in pursuit of its strategic goals will streamline the entire process. For example, if an organization’s strategic objective is to expand its global footprint, it may need to accept moderate risk in entering new markets and will need to manage its tolerance for the regulatory challenges and competitive pressures those markets bring.
Baker Tilly specialists find that a straightforward eight-step process allows for the development of a comprehensive framework to effectively manage risks, enhance decision-making and support long-term resilience and success:
- Define objectives and scope
- Establish risk appetite and tolerance
- Conduct a risk assessment
- Develop risk management policies
- Implement risk mitigation strategies
- Establish monitoring and reporting mechanisms
- Communicate and educate
- Evaluate and improve
Continue your ERM journey
Baker Tilly provides a collaborative approach to deliver custom solutions based on each client’s respective industry, unique organizational needs and available resources to manage and mitigate risk.