EisnerAmper understands ERM Methodology is evolutionary and holds that there are three key growth stages in the methodology continuum:
Each stage requires a different level of commitment from your business and leverages specific tools to optimize the use of resources expended in managing risk.
Stage 1: "Compliance" ERM programs focus on risks related to the business' external requirements. Compliance ERM programs use checklists, develop annual risk inventories, and place heavy-reliance on existing personnel to achieve a measurable result. Though Compliance ERM programs are less costly than the other two ERM stages and can satisfy rating agencies and regulators, they fall short in discovering new and developing risks and provide limited incremental protection from risk, which leads to a lower return on investment for the program.
Stage 2: "Integrated Risk" ERM programs use a top-down approach directed by the ERM leadership team and leverage dedicated specialists to drive the ERM program. Though Integrated Risk ERM programs integrate the key approaches used in compliance (e.g. Internal Audit, SOX, Regulatory, Technology) and establish a "risk aware" culture, measuring a return on investment remains a challenge, as this approach is significantly more costly than a Compliance ERM program.
Stage 3: "Value-at-Risk" ERM programs are considered to be the most mature and include the benefits of a Compliance ERM program and an Integrated Risk ERM program. A Value-At-Risk program produces a full mapping of business objectives, risks, and control activities (called "ORCA") across the enterprise and leverages continuous controls monitoring and advanced software to deliver a comprehensive ERM program. When executed successfully, a Value-At-Risk ERM program enables your business to embrace risk and provides a means to measure the return on investment of the ERM program. As with any comprehensive business initiative, however, a Value-At-Risk program is the most costly and requires a considerable up-front resource commitment to start.
Regardless of where your business resides on the risk program continuum, EisnerAmper will help your business identify the appropriate ERM program based on your current needs and previous experience with risk management.
Search Enterprise Risk Management articles