
Many consulting and risk management firms have their own methodologies for implementing an Enterprise Risk Management (ERM) framework for their clients. Some use COSO's ERM Framework, others have developed their own models and methodologies, and still others, although they have their own methodologies, prefer to customize a model specifically for the client. The methodology below is used by EY – India for its ERM roadmap. The information below has been summarised from a presentation delivered by EY India in 2008 at Bangalore. For further information, readers may contact EY-India.

STEP 1: Identify the Risk Universe.
STEP 2: Develop a Risk Library. The goal is to go from 1000 risks down to 40 key risks and arrange them in some logical grouping.
STEP 3: Formulate the Risk Assessment. This involves aspects such as prioritizing risks and assessing them on Probability/Impact scales.
STEP 4: Identify the risks that matter. This requires carrying out a risk profile and then identifying the 5-10 risks that are mission critical for the organisation.
STEP 5: Group these 5 or 10 risks into two buckets, labeled "critical – well managed" and "critical – ill managed".
STEP 6: Develop a risk mitigation plan for the risks in the "critical – ill managed" bucket.
STEP 7: Institutionalize the risk management framework for long-term effectiveness.
STEP 8: Continuous reporting of ERM performance, for success stories, motivation and the desire to continue the ERM programme long after it was initially implemented.

One key aspect of the above methodology is the grouping of risks into two buckets. As noted above, critical but well managed risks are not in the limelight, and this is the correct way to go. An organisation may have many top risks that are well managed, yet organisations continue to define extensive process notes, policies, monitoring mechanisms and so on to manage them further. This results in a loss of focus.
Management time is precious, so it is important that such resources be channeled towards those risks that have gaps and require immediate attention. The EY methodology therefore goes a step further. Not only does the company focus on the top 5 or 10 risks, but even among those, the real focus is only on the ill managed risks.