Enterprise Risk Management Questions?

Enterprise Risk Management - Definitions

1. Enterprise risk management or Enterprise-wide risk management or ERM
A systematic and continuous risk management approach used by organizations to manage and monitor the risks that impact the achievement of the organization's goals.

2. Create and implement ERM platform
A series of risk management steps that involve the conducting of an enterprise risk assessment, using data and information acquired from the assessment to develop such tools as risk register, risk heat map, risk tornado diagrams and risk dashboards (collectively, enterprise risk management platform).

3. ERM vendor
An enterprise risk management professional or organization holding himself, herself or itself out as a professional who develops and implements enterprise risk management for organizations. Where a professional individual, the professional may hold such designations as ARM-E, ARM, FRM or CPCU.

4. Risk Management
An approach for identifying, assessing and prioritizing risks that impact the achievement of an organization's goals. The primary objective of the approach is to enable an organization to develop and implement process, procedure, policy, system and human capital strategies to manage risks.

5. Outsource Risk Management
An Enterprise Risk Management (ERM) consulting firm located in Newport Beach, CA that creates the ERM platforms that organizations use to effectively manage and monitor enterprise risks. Also, Outsource Risk Management conducts Enterprise Risk Audits™ (ERAs™) to evaluate the key risk management processes, procedures, policies, systems and human capital that an organization's risk management program uses to manage and monitor risks.

6. Enterprise risk assessment
A systematic question and answer process (achieved through a combination of surveys, interviews and consensus building meetings) which is designed to carefully identify, assess and prioritize an organization's risks.

7. Enterprise-wide risk assessment
A systematic question and answer process (achieved through a combination of surveys, interviews and consensus building meetings) which is designed to carefully identify, assess and prioritize an organization's risks.

8. Risk register
A tool developed at the risk owner level that on an ongoing basis shows the quantitative or qualitative measurements of risks and other key information concerning a risk that a risk owner needs to know in order to effectively manage the risk. Examples of key risk information include type of risk, key drivers of risk, probability or financial impact of risk, current risk management, current metrics used to manage and monitor risk, the next action steps a risk owner plans to take to manage or mitigate risk, etc.

9. Risk heat map or heat map
A tool used to convey large amounts of information, particularly the probability and financial impact of risks, visually. Use of this tool promotes continuous change in that it allows the user to trend large amounts of information over time.

10. Tornado diagram
A tool used to depict the impacts of a risk’s drivers on the risks. A risk tornado diagram therefore measures the sensitivity of a risk’s drivers to effectuating change in the risk. The driver with the widest range of change is deemed as the key driver that effectuates change in the risk and vice versa. This schematic enables an organization to efficiently allocate resources needed to manage a risk as the driver with the widest range of change is first in line for resources and vice versa.

11. Risk dashboard or dashboard
A risk management tool used to monitor or track changes in a risk’s levels. Changes in a risk’s levels are generally tracked with a metric. The risk dashboard is important for benchmarking the performance of an organization’s risk management program to that of the industry or peers.

12. Monitor risks
A systematic process of tracking changes in the risk’s levels. Monitoring enables the organization to make definitive statements about a risk and trend the risks.

13. Manage risks
A decision to control risks, the drivers or impacts of the risk. The control of the risk could include avoidance, outsourcing all or part of the risk to third parties, mitigation, acceptance, etc. The decision is coordinated to meet or satisfy the goal or goals of the organization.

14. Assess risks
A process of determining the quantitative and/or qualitative measurements of the value of the risk. The goal is to quantify risks such that their potential impacts or nature can be tracked and trended.

15. Risk assessment
A process of determining the quantitative and/or qualitative measurements of the value of the risk. The goal of this iterative process is to quantify risks such that their potential impacts or effects can be tracked and managed.

16. Prioritize risks
The process for ranking risks based on the materiality of the risks to an organization. The traditional method used to rank risks is by applying the probability of risks and/or financial or operational impact of the risks. A more robust method is by applying a total risk score to rank risks. The goal of prioritizing risks is to facilitate efficient resource allocation in order to effectively manage and monitor risks.

17. Risk-based performance management
The process of adjusting the performance of an organization with material risk measurements. One school of thought is of the opinion that such adjustments provide a more realistic measurement of the performance of an organization. A second school of thought is of the opinion that the adjustments provide a basis for continuously managing and monitoring the actual performance of an organization.

18. Risk financing
The process of setting aside resources, usually money, to cover or compensate parties who are impacted (sustained losses or damages) by the risks. Insurance is a key risk financing tool.

19. Risk or loss control
A process, procedure, policy, system or human capital designed to manage or prevent risks before they occur and/or reduce or mitigate the impacts (losses or damages) the risks have on the parties who sustained such losses or damages when the risks occurred.

20. Risk communication
A systematic process of conveying and sharing important information about risks (e.g., impacts, characteristics, drivers of risks) to parties who need this information to make decisions.

21. Risk owner
A person or an entity accountable for the identification, assessment, treatment and monitoring of a risk in a specific environment.

22. Risk responses
A process, procedure, policy, system or human capital that parties who are impacted by a risk deploy to prevent or manage the risk and its impacts (losses or damages).

23. Risk appetite
The events or perils and levels of impact that an organization intends to retain, treat and monitor.

24. Risk tolerance
The level of residual risk that an organization and its stakeholders are willing to bear within a given strategic context.

25. Risk attitude
The opinion an individual or an entity has about how risky it is to do business. The opinions can be classified as pragmatic, conservative, maximizing and managing. Pragmatists believe that the world is uncertain and unpredictable. Conservatives believe in peril and high risk. Maximizers see the world as low-risk and fundamentally self-correcting. Managers believe the world is moderately risky but not too risky for organizations that are properly guided.

26. Probability of risk
The likelihood that a risk or peril would occur. The probability of risk generally falls between 0 and 1.

27. Impact of risk
The effect or consequence that results from the occurrence of a risk. In broad terms, risks have three impacts: financial or operational or both.

28. Frequency of risk
The number of times a risk occurs within a defined period.

29. Financial impact of risk
The effect or consequence (measurable in monetary denominations, say US Dollars) that results from the occurrence of a risk.

30. Operational impact of risk
The effect or consequence (measurable in terms of process, procedure, system, policy or human capital disruptions, e.g., bottlenecks, untimely delivery, etc.) that results from the occurrence of a risk.

31. Audit risk management programs
A process for evaluating whether a risk management program is able to prevent or manage the risks for which it has been designed to prevent or manage.

32. Risk management procedures manual
A written document that communicates how an organization intends to manage specific risks.

33. Manage risks in contracts
The use of vernacular or legal language and tools in an agreement to clearly define the party who bears risks, convey risk-shifting or sharing and how damages would be liquidated or apportioned in the event the risk or peril occurs.
