CMA USA PART 2 SECTION D
ENTERPRISE RISK MANAGEMENT [ERM]:
Enterprise risk management is a process, effected by an entity's board of directors, management, and other personnel, applied in strategy setting and across the enterprise, designed to identify the potential events that may affect the entity and to manage risk to be within its risk appetite, in order to provide reasonable assurance regarding the achievement of entity objectives.
Ø Corporate governance and ERM:
Corporate governance is a broad term that refers to the policies and practices that guide a company toward its objectives.
A key role of corporate governance is the guidance it brings to the way that management assesses and handles risk.
In most cases, the BOD is responsible for overseeing the risk management process.
To perform its risk oversight and monitoring activities, the BOD is increasingly establishing risk management committees to oversee and monitor overall enterprise risk management activity.
Further, many corporate BODs have appointed a chief risk officer (CRO) whose activities are supervised by the risk management committee.
Ø Management accountant's role in ERM:
Assisting in implementing ERM in the finance function.
Providing information to management to assist in risk identification.
Assisting the management to analyze and evaluate the risk.
Ø Review of strategic planning:
Strategy:
It is a set of actions taken by the managers of a company to increase the company's performance.
Strategy setting includes:
1. Strategy formulation
2. Strategy implementation
Ø Strategy formulation:
It is a process of selecting a strategy.
Ø Strategy implementation:
It is a process of putting the selected strategy into action.
Ø Strategic planning:
It is a long-term plan usually covering five years or longer.
Ø Steps in strategic planning:
1. Defining the company's mission, vision, values, and goals.
2. Analyzing external factors.
3. Analyzing internal factors.
4. Formulating strategies.
5. Implementing the strategy.
Ø Benefits of ERM:
The organization's range of opportunities is increased.
Risks are identified and managed across the enterprise.
Positive outcomes are increased while negative surprises are reduced.
Increased confidence in management.
Management will gain a better understanding of the risk.
Ø Limitations of ERM:
Not all of an organization's risks can be eliminated.
COSO: Committee of Sponsoring Organizations
Ø COSO 2017 ERM framework:
The COSO 2017 ERM framework includes 5 components and 20 interrelated principles.
1. Governance and culture
2. Strategy and objective setting
3. Performance
4. Review and revision
5. Information communication and reporting.
Ø Governance and culture:
Governance sets the organization's tone.
Culture relates to ethical values, desired behaviors, etc.
Ø Governance and culture include 5 principles:
1. Exercises board risk oversight.
2. Establishes operating structures.
3. Defines desired culture.
4. Demonstrates commitment to core values.
5. Attracts, develops, and retains capable individuals.
Ø Strategy and objective setting:
ERM, strategy, and objective setting are all part of the strategic planning process.
The company determines its risk appetite and aligns its strategy with it.
It includes 4 principles:
1. Analyzes business context
2. Defines risk appetite
3. Evaluates alternative strategies
4. Formulates business objectives
Ø Performance:
Risks that may impact the achievement of the firm's strategy and business objectives need to be identified and assessed (evaluated).
Risks should be prioritized according to probability and impact.
It includes 5 principles:
1. Identifies risk
2. Assesses the severity of the risk
3. Prioritizes risks
4. Implements risk responses
5. Develops portfolio view
Ø Review and revision:
If substantial changes occur, management should review ERM and consider what revisions are needed.
1. Assesses substantial change
2. Reviews risk and performance
3. Pursues improvement in enterprise risk management
Ø Information, communication, and reporting:
ERM involves a continuous process of obtaining and sharing necessary information received from both internal and external sources.
The communications should flow up, down, and across the organization.
It includes 3 principles:
1. Leverages information systems
2. Communicates risk information
3. Reports on risk, culture, and performance
Note: The purpose of ERM is the management of risk in increasing the firm's value.