Enterprise Risk Assessment and Management
Over a decade ago, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) issued Internal Control – Integrated Framework to help businesses and other entities assess and enhance their internal control systems. Today, the need for strong systems of internal control continues to grow and the importance of corporate governance has never been higher. Recently, COSO issued Enterprise Risk Management – Integrated Framework, which expands on internal control and provides a more robust and extensive focus on the broader subject of enterprise risk management. High-profile business scandals and failures in recent years which have led to new laws and regulations, such as Sarbanes-Oxley, confirm this broader view is critical. Our ‘Enterprise Risk Management’ services are designed to assist clients in the performance of enterprise-wide risk assessments and the implementation of related risk management programs.
Today, the need for strong systems of internal control continues to grow and the importance of corporate governance has never been higher. High-profile business scandals and failures in recent years which have led to new laws and regulations, such as Sarbanes-Oxley, are evidence of this need. The use of enterprise-wide risk management programs can be a tool for improving the control environment in your company. Every company must be aware of and deal with the risks it faces. It must set objectives, integrated with the sales, production, marketing, financial and other activities so that the organization is operating in concert. It also must establish mechanisms to identify, analyze and manage the related risks.
GBQ’s Enterprise Risk Management services are designed to assist companies in the performance of enterprise-wide risk assessments and the implementation of related risk management programs.
Primary Objectives
- Understanding of the organization’s business, strategic objectives, product and service offerings and business processes;
- Documentation of business processes to facilitate identification of the risks within the process;
- Identification and assessment of inherent risks in business processes that could impact the organization if not managed appropriately;
- Understanding of the organization’s control environment and identification and testing of specific internal controls implemented by management to mitigate inherent risks to an acceptable level;
- Communication to management and the Audit Committee, the results of assessment work and other recommendations related to internal control and process improvement enhancements;
- Post-assessment monitoring of issue resolution.
Benefits
- Aligning Risk Appetite and Strategy: Management considers the entity’s risk appetite in evaluating strategic alternatives, setting related objectives, and developing mechanisms to manage related risks.
- Enhancing Risk Response Decisions: Enterprise risk management provides the rigor to identify and select among alternative risk responses – risk avoidance, reduction, sharing and acceptance.
- Reducing Operational Losses and Surprises: Entities gain enhanced capability to identify potential events and establish responses, reducing surprises and associated costs or losses.
- Identifying and Managing Multiple and Cross-Enterprise Risks: Every enterprise faces a myriad of risks affecting different parts of the organization, and enterprise risk management facilitates effective response to the interrelated impacts, and integrated responses to multiple risks.
- Seizing Opportunities: By considering a full range of potential events, management is positioned to identify and proactively realize opportunities.
- Improving Deployment of Capital: Obtaining robust risk information allows management to effectively assess overall capital needs and enhance capital allocation.
GBQs Enterprise Risk Management risk categories, assessment flow and heat map