Enterprise Risk Management (ERM) is a process performed by an entity’s Board of Directors, management and other personnel, applied in strategy setting and across the enterprise. The ERM is designed to identify events that may affect the enterprise, manage risk to be within its risk appetite, and provide reasonable assurance regarding the achievement of entity objectives.

The ERM framework consists of eight (8) components:

Internal Control Environment – Encompasses the tone of an organization and sets the basis for how risk is viewed and addressed; including risk management philosophy and risk appetite, integrity and ethical values and the environment in which they operate.

Objective Setting – This must occur before management can identify potential events affecting their achievement. ERM ensures that management has a process in place to set objectives – the chosen objectives should support and align with the company’s mission and be consistent with its risk appetite.

Event Identification – Both internal and external events affecting achievements of an entity’s objectives must be identified, distinguishing between risks and opportunities. Opportunities are channeled back to management’s strategy or objective-setting processes.

Risk Assessments – Consider the likelihood and impact as a basis for determining how risks should be managed. Risks should be assessed on an inherent and a residual basis.

Risk Response – Management should develop a set of actions (avoiding, accepting, sharing, or reducing) to align risks with the company’s risk tolerance and risk appetite.

Control Activities – Establishing and implementing policies and procedures to help ensure the risk responses are effectively carried out.

Communication of Relevant Information – Relevant information must be identified, captured and communicated in a format and timeframe that enables people to carry out their responsibilities.

Monitoring – The ERM should be observed and, if necessary, modified. Monitoring is accomplished through ongoing management activities, separate evaluations, or both.

The capabilities inherent in ERM help management achieve the company’s performance and profitability targets and prevent loss of resources. ERM helps a company get to where it wants to go and avoid pitfalls and surprises along the way.

Michael Herrera is the Chief Executive Officer (CEO) of MHA. In his role, Michael provides global leadership to the entire set of industry practices and horizontal capabilities within MHA. Under his leadership, MHA has become a leading provider of Business Continuity and Disaster Recovery services to organizations on a global level. He is also the founder of BCMMETRICS, a leading cloud-based tool designed to assess business continuity compliance and residual risk. Michael is a well-known and sought-after speaker on Business Continuity issues at local and national contingency planner chapter meetings and conferences. Prior to founding MHA, he was a Regional VP for Bank of America, where he was responsible for Business Continuity across the southwest region.

