There is no “one size fits all” enterprise risk management program (ERM) -- no single existing “model” or pre-existing “package” from consultants and others – what you adapt and adopt must be unique to your corporation’s specific needs and culture. We stress the importance of corporate culture in the development of ERM.
We take a practical approach to ERM, whether starting from the ground up or managing existing corporation infrastructure. We believe a clear distinction exists between “Enterprise Risk Management” and what we refer to as “Enterprise Compliance Management”. While both are important and complimentary, they typically require a different set of tools. Our goal is to help you develop an ERM program that enables your firm to leverage risk and while being prepared for risk adversity.
Our approach to developing an ERM program.
The Warner Risk Group conducts a “diagnostic evaluation” of existing ERM programs in five areas:
Among the issues WRG evaluates: To whom does ERM report? Does ERM steering committee exist? What does the ERM team report to management and the board of directors? What is ERM’s relationship with other risk and governance areas? How does this align with the COSO, ISO 31000, the “Australian model,” and other “best practices” models it may have adopted?
What written, documented policies and procedures exist, describing ERM’s roles, responsibilities, and reporting requirements? How frequently is this updated?
How does the ERM group measure risk -- impact, frequency and treatment, both in terms of quantitative and qualitative data? How does the company consolidate its data? Does the company have a risk appetite statement in place? If so, what risk appetite analytics does the ERM team use?
What types of reports exist? Who receives them? Do the reports pass the “use test” test? What is the balance between descriptive and analytic reports? What information -- and how frequently -- is information provided to the board of directors? Does ERM provide senior management with information it uses in strategic planning and decision making?
What data is used, both from internal and external data sources? What is the quality and reliability of the input, the software currently in use? And potential ERM and business intelligence software may be of benefit?
It's no secret that corporate boards have struggled to come to terms with risk: Specifically, what actual risks they face and how to manage them.
Is it any wonder, then, that board and audit committee members wring their hands today -- having listened to all; in many cases appointing chief risk officers; imbuing their audit committees with professionals who are supposed to understand risk; having paid the high price of SOX and other legislation -- and they're still dissatisfied with the results? And the media continually focuses on why corporations seemingly can't get their hands around the topic?
Warner Risk Group understands this frustration -- and spends a significant amount of time with board members and 'C-suite' executives working on this cacophony of voices and advice.
The truth is there are many companies doing effective jobs of managing risk of all types -- and there's no reason many more cannot. We want to show you the way.
We specialize in working with boards who understand that, first and foremost, they need risk managers with on-the-ground, extensive experience with managing exposures of all varieties. We know the models, the challenges, the disappointments -- and help lead the way through it all, designing truly individual programs that are successful -- and where the tire can be kicked time and again, without fear of failure.
Let's team together, and find that truly unique, proactive and successful approach for you.