EYs ERM Roadmap

Many consulting and risk management firms have their own methodologies for implementing Enterprise Risk Management Framework for their clients. Some use the COSO’s ERM Frameworks, others have developed their own models and methodologies and still others, although having own methodologies prefer to customize model specifically for the client.

The methodology below is used by EY – India for ERM roadmap. The information below has been summarised based on presentation delivered by EY India in 2008 at Bangalore. For further information, readers may please contact EY-India.

STEP 1: Identify Risk Universe

STEP 2: Develop Risk Library - Goal is to come from 1000 to 40 key risks and group them in some logical grouping.

STEP 3: Formulate Risk Assessment- This involves aspects such as Prioritize risks and assess on Probability/Impact scales

STEP 4: Identify risks that matter. Need to carry out a risk profile. Further, need to identify 5-10 risks which are mission critical for the organisation.

STEP 5: Group these 5 or 10 risks in two buckets. These two buckets are labeled “critical – well managed” and “critical – ill managed.

STEP 6: Develop risk mitigation plan for those risks that form part of the “critical – ill managed” bucket.

STEP 7: Institutionalize Risk management framework for long term effectiveness.

STEP 8: Continues reporting of ERM Performance for success stories, motivation and desire to continue the ERM programme long after it was initially implemented.

One key aspect of the above methodology is grouping of risks in two buckets. As we note above, critical but well managed risks are not in the limelight. And this is the correct way to go. Organisation may have many top risks that are well managed. But organisations continue to define extensive process notes, policies, monitoring mechanisms etc to further manage them. This results in loss of focus. Management time is precious and so it is important that such resources be channeled for those risks that have gaps and require immediate attention.

So, EY methodology goes a step further. Not only does the company focus on top 5 or 10 risks, but even amongst those, the real focus is only on ill managed risks from those top 5 or 10 risks.

Other Services of Interest

  • Cloud Security - Knowledge Snippets

    Riskpro presents a series of 5 articles / newsletters on cloud security. Cloud computing is attractive because it offers agility, resiliency and economy to organisations which adopt it. What is less...
  • Corporate Training Ideas - Risk Management and Compliance

    The following training options are appropriate for Banks, NBFC and small banks. • Basic fundamentals of Risk Management (half day) o Including Fraud, Reputational Risk issues also apart from...
  • Third Party Risk Management (TPRM) - Webinar

    EVENT OVERVIEW: TPRM or Third Party Risk Management is not a new concept, but something that needs to be addressed today. With Cybersecurity, Privacy issues emerging every day, often we find that...
  • Global Compliances - Free Webinar on key Global Regulations

    EVENT OVERVIEW: Riskpro India is conducting a free webinar on how to be future ready with respect to Global Compliances. Alleviate risk and strengthen your control on global compliance with this...
  • Sarbanes Oxley (SOX) Compliance - Free Webinar

    EVENT OVERVIEW: Riskpro India is conducting a free webinar on SOX (Sarbanes Oxley) Compliance which will take you through the applicability and requirements of the SOX 404 and 302 Act. The...
  • Internal Audit and IT Audit on Temporary Basis

    Due to the importance of regulatory compliances, it has become essential that companies are able to audit the business operations effectively. To meet this growing demand, Riskpro India offers...
  • India: Data Protection Services

    The EU General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in 20 years. Now India has its own version of Data protection regulation that will change...
  • Fire Safety Assessments and Training

    Some of our features of Fire Safety Assessments and Training • Fire Science • The common causes of fire • Identify fire hazards • Types of fires and extinguishers • Fire...
  • Go to top