The purpose of this paper is to discuss the objectives of enterprise‐wide risk management (ERM), the Committee of Sponsoring Organizations (COSO) ERM Framework, and outline a method to implement ERM in organizations.
This paper delineates ten steps organizations can use to develop a viable ERM system for any organization.
It is highly recommended that a high‐level risk officer with visible support from senior and board level executives has a separate function to oversee the development of an ERM department.
Although the internal audit department has a large role in evaluation and monitoring the ERM system, it is management's responsibility to develop a strong ERM function that ties corporate strategy, the budget, controls, and the entity's performance measurement systems to risk management.
The cost to the entity of implementing and maintaining of an ERM system is grossly out‐weighed by the results and knowledge gained in evaluating, assessing, and overseeing risk to insure achievement of strategic objectives over the short‐ and long‐term life of the organization.
