Enterprise Risk Management

COSO-Based ERM Program

How we build Committee of Sponsoring Organizations of the Treadway
Commission (COSO)-based Enterprise Risk Management (ERM)
programs for organizations

OutsourceRM™ develops COSO-based ERM programs for firms in the healthcare (non-insurer), energy, higher education, banking, real estate, charitable foundation, telecommunications, manufacturing and non-insurance industries. We leverage a firm’s existing risk management and enterprise business objectives or goals to conduct an enterprise risk assessment that identifies and quantifies the firm’s enterprise-wide risks. Using the probability and the operational and financial impacts of each enterprise-wide risk, we distill the identified enterprise-wide risks down to the most material ones.

Once this prioritization is complete, we capture and summarize the additional key elements senior management needs to know about each material enterprise-wide risk in order to make risk-aware decisions. These additional elements include the causal factors or primary drivers of the risk, how the risk is currently managed and monitored, the risk’s control measures, the metrics used to track the risk’s control measures, the owner(s) of the risk and the status of any required action for managing and monitoring the risk.

Depending on a firm’s existing governance structure, we either conduct interviews and surveys of the key business units’ heads or moderate a series of high-level risk sessions with the firm’s risk committee or equivalent to gather and summarize the key elements of each material enterprise-wide risk. Through these interviews and surveys or risk sessions, we also capture the information we use to create each risk’s response and to develop the following risk-based performance measurement tools, which the firm’s risk committee or members of the board of directors would use to administer the firm’s ERM program.

A COSO-based ERM program helps drive value and strategy for any organization, in addition to helping the organization achieve regulatory compliance, provided the program is not treated as a one-off event. As such, each COSO-based ERM program we build is iterative and recursive. We work with each firm to put in place a risk committee, educate this committee on how to generate the risk management and monitoring reports mentioned above, upload the developed reports and risk responses into a risk reporting and management information system, and teach the firm how to update the reports and responses. This four-step knowledge transfer process enables any organization to administer its ERM program continuously.