Enterprise Risk Management

As world economies evolve into service-driven and globally oriented economies, many new risk factors have come into consideration. Financial risks such as currency fluctuations, human resources in foreign countries, major disasters such as tsunamis, earthquakes and floods, and factors such as fluctuations in distribution channels and foul play in corporate governance are just a few of them. ERM has emerged as one of the most important tools for managing compliance and avoiding the risk of non-compliance.

ERM can be defined as follows:

ERM is the discipline by which an organization in any industry assesses, controls, exploits, finances and monitors risks from all sources for the purpose of increasing the organization's short- and long-term value to its stakeholders.

Overview of ERM

To monitor the performance of an organization with respect to its corporate objectives, it is imperative to form control mechanisms that enable the identification of risks and that meet the predefined objectives. Two complementary frameworks for internal control mechanisms have emerged as the de facto standard through which companies should be regulated and measured: the Turnbull framework and the COSO framework. The Turnbull framework is based on the 1999 publication Internal Control Guidance for Directors on the Combined Code. The COSO framework is based on the 2004 publication Enterprise Risk Management Integrated Framework. Both frameworks suggest that the basis of an effective system of governance and internal control is proactive, efficient and sustained ERM.

The framework of ERM can be summarized as follows:
  • Establishing context
  • Identifying the risks
  • Analyze/Quantify/Integrate risks
  • Prioritize risk
  • Treat/Exploit risks
  • Risk assessment/Treatment

Risk Modeling for an Enterprise

Risk modeling refers to the models and methods used to evaluate risk and performance measures. Most organizations possess a simple financial model of their operations that describes how various inputs (i.e. risk factors, conditions, strategies and tactics) will influence the key performance indicators used to manage the organization. Most structured financial models are deterministic: they describe the expected outcomes from a given set of inputs without considering the probabilities of outcomes above or below the expected values. These models can be converted into stochastic models by treating certain inputs as variables.

There is a wide variety of risk modeling methods that can be applied to a given task. They can be classified by the extent to which they rely on expert input as opposed to the availability of historical data. The classification is as follows.


(1) Methods which primarily rely on the availability of historical data

a) Empirical distributions
b) Regression
c) Extreme value theory
d) Stochastic differential equations


(2) Methods which primarily rely on expert input rather than historical data

a) Delphi method
b) Influence diagrams

Sometimes expert judgment is used to develop the logic of the model, supplementing missing data alongside the data available from historical records.

(3) Methods which rely on both expert input and historical data

a) Bayesian belief networks
b) Fuzzy logic


These models are basically suited to operational risk and strategic risk.

Sometimes risks in the enterprise are related to each other. The relationship between two risks can be predicted through a covariance matrix or through structural simulation of the model of the enterprise. As an example, inflation rates and interest rates can be generated using an economic scenario generation model. Risk integration can also be analyzed through structural simulation of the model. This allows the dependencies among variable inputs to be captured in a simple, accurate and logically consistent way, through the model's cause/effect linkages of these inputs to common higher-level inputs.
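The conversion of a deterministic model into a stochastic one, with inflation and interest rates linked through a covariance matrix as described above, shown as an added example that is not part of the original article. The net-income formula, every figure, the normal distributions and the function names are constructed assumptions.

```python
import math
import random
import statistics

MEANS = (0.03, 0.05)  # constructed expected inflation and interest rate
# Constructed covariance: sd 0.01 and 0.015, correlation 0.6.
COV = ((0.0001, 0.00009), (0.00009, 0.000225))

def net_income(inflation, interest, revenue=1000.0, cost=800.0, debt=400.0):
    """Deterministic model (hypothetical): one KPI from fixed inputs."""
    return revenue - cost * (1.0 + inflation) - debt * interest

def cholesky_2x2(cov):
    """Lower-triangular factor L of a 2x2 covariance matrix (L * L^T = cov)."""
    (a, b), (_, c) = cov
    l11 = math.sqrt(a)
    l21 = b / l11
    return l11, l21, math.sqrt(c - l21 * l21)

def simulate(n, means=MEANS, cov=COV, seed=1):
    """Stochastic version: draw correlated normal inputs, re-run the model."""
    rng = random.Random(seed)
    l11, l21, l22 = cholesky_2x2(cov)
    outcomes = []
    for _ in range(n):
        z1, z2 = rng.gauss(0, 1), rng.gauss(0, 1)
        inflation = means[0] + l11 * z1
        interest = means[1] + l21 * z1 + l22 * z2
        outcomes.append(net_income(inflation, interest))
    return outcomes

def summarize(outcomes, tolerance):
    """Dashboard-style figures: mean, spread, 5th percentile, breach rate."""
    ordered = sorted(outcomes)
    return {
        "mean": statistics.fmean(ordered),
        "stdev": statistics.stdev(ordered),
        "p05": ordered[int(0.05 * len(ordered))],
        "p_below_tolerance": sum(x < tolerance for x in ordered) / len(ordered),
    }

if __name__ == "__main__":
    print("deterministic:", net_income(*MEANS))
    print("correlated:   ", summarize(simulate(20000), tolerance=140.0))
    independent = ((COV[0][0], 0.0), (0.0, COV[1][1]))
    print("independent:  ", summarize(simulate(20000, cov=independent), tolerance=140.0))
```

With the constructed correlation of 0.6 the standard deviation of the KPI is about 12.6, against 10.0 when the same inputs are treated as independent, which is the dependency effect a covariance matrix captures.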

Risk mapping is done to prioritize risks according to their frequency, their severity or both. Risks in an enterprise can be monitored using risk dashboards, graphical interfaces that represent the risks in an organization against their tolerance levels. Some of the measures required for risk management can be financial, human resources, marketing, underwriting, sales/distribution, investments, claims and other external data.



Thus, ERM is a properly structured and disciplined approach to managing risks. ERM aligns the strategies, processes, technologies and knowledge of an organization in order to improve its ability to manage the uncertainties it faces. An enterprise-wide risk management capability increases the risk sensitivity of the organization and decreases its functional barriers. Thus, ERM enhances the value of the organization as a whole.
