Enterprise Risk Management

The practical approach

There is no “one size fits all” enterprise risk management program (ERM) -- no single existing “model” or pre-existing “package” from consultants and others – what you adapt and adopt must be unique to your corporation’s specific needs and culture. We stress the importance of corporate culture in the development of ERM.

We take a practical approach to ERM, whether starting from the ground up or managing existing corporation infrastructure. We believe a clear distinction exists between “Enterprise Risk Management” and what we refer to as “Enterprise Compliance Management”. While both are important and complimentary, they typically require a different set of tools. Our goal is to help you develop an ERM program that enables your firm to leverage risk and while being prepared for risk adversity.

Building an ERM Framework

Our approach to developing an ERM program.

Understanding current capabilities and exposures
  • Current state assessment, including processes and gap identification.
  • Identify and priorize major risk.
  • Create an ERM vision for the future.
Developing the ERM framework
  • Infrastructure
  • Goverance
  • Risk quantification
  • Risk policies and procedures
  • Risk appetite and Risk Tolerance
  • Preliminary technology
Implementing ERM
  • ERM integration into established risk management processes
  • Final technology

Warner Risk Group’s Enterprise Risk Management (ERM) Program Diagnostics

The Warner Risk Group conducts a “diagnostic evaluation” of existing ERM programs in five areas:

Organization and Governance

Among the issues WRG evaluates: To whom does ERM report? Does ERM steering committee exist? What does the ERM team report to management and the board of directors? What is ERM’s relationship with other risk and governance areas? How does this align with the COSO, ISO 31000, the “Australian model,” and other “best practices” models it may have adopted?

Policies and Procedures

What written, documented policies and procedures exist, describing ERM’s roles, responsibilities, and reporting requirements? How frequently is this updated?

Risk Analytics (measurement and quantification)

How does the ERM group measure risk -- impact, frequency and treatment, both in terms of quantitative and qualitative data? How does the company consolidate its data? Does the company have a risk appetite statement in place? If so, what risk appetite analytics does the ERM team use?

Risk Reporting

What types of reports exist? Who receives them? Do the reports pass the “use test” test? What is the balance between descriptive and analytic reports? What information -- and how frequently -- is information provided to the board of directors? Does ERM provide senior management with information it uses in strategic planning and decision making?

Data and Technology

What data is used, both from internal and external data sources? What is the quality and reliability of the input, the software currently in use? And potential ERM and business intelligence software may be of benefit?

Corporate Boards and Enterprise Risk Management

What corporate boards need to know

It's no secret that corporate boards have struggled to come to terms with risk: Specifically, what actual risks they face and how to manage them.

Is it any wonder, then, that board and audit committee members wring their hands today -- having listened to all; in many cases appointing chief risk officers; imbuing their audit committees with professionals who are supposed to understand risk; having paid the high price of SOX and other legislation -- and they're still dissatisfied with the results? And the media continually focuses on why corporations seemingly can't get their hands around the topic?

Warner Risk Group understands this frustration -- and spends a significant amount of time with board members and 'C-suite' executives working on this cacophony of voices and advice.

The truth is there are many companies doing effective jobs of managing risk of all types -- and there's no reason many more cannot. We want to show you the way.

We specialize in working with boards who understand that, first and foremost, they need risk managers with on-the-ground, extensive experience with managing exposures of all varieties. We know the models, the challenges, the disappointments -- and help lead the way through it all, designing truly individual programs that are successful -- and where the tire can be kicked time and again, without fear of failure.

Let's team together, and find that truly unique, proactive and successful approach for you.

  • As part of its diagnostic research, WRG conducts a document review; interviews senior management to evaluate its perspective on both the current state of ERM (if any), and its future vision for it (including organization and risk governance); identifies potential opportunities where ERM may (should) be expanded within the organization; looks for any areas of overlap and/or potential synergies with other departments; looks at the ERM program from a regulatory perspective; and reviews IT opportunities and needs. This review includes a review of the existing and potential role ERM currently plays -- and what role it should play with the introduction of new products and in operational and strategic planning.
  • In working with your company, Warner Risk Group will also launch new ERM programs or improve upon and expand existing ERM infrastructure.
Web Design by TrueZeal.com

Contact Info

Larry Warner
(703) 856-0864
(407) 650-3207