EY's ERM Roadmap

Many consulting and risk management firms have their own methodologies for implementing an Enterprise Risk Management (ERM) framework for their clients. Some use COSO's ERM frameworks, others have developed their own models and methodologies, and still others, although they have their own methodologies, prefer to customize a model specifically for the client.

The methodology below is used by EY – India for its ERM roadmap. The information has been summarised from a presentation delivered by EY India in 2008 at Bangalore. For further information, readers may contact EY-India.

STEP 1: Identify Risk Universe

STEP 2: Develop Risk Library - The goal is to come down from 1000 to 40 key risks and arrange them in some logical grouping.

STEP 3: Formulate Risk Assessment - This involves aspects such as prioritizing risks and assessing them on Probability/Impact scales.

STEP 4: Identify risks that matter. This requires carrying out a risk profile and then identifying the 5-10 risks which are mission critical for the organisation.

STEP 5: Group these 5 or 10 risks in two buckets, labeled “critical – well managed” and “critical – ill managed”.

STEP 6: Develop a risk mitigation plan for those risks that form part of the “critical – ill managed” bucket.

STEP 7: Institutionalize the risk management framework for long-term effectiveness.

STEP 8: Continuous reporting of ERM performance, for success stories, motivation and the desire to continue the ERM programme long after it was initially implemented.

One key aspect of the above methodology is the grouping of risks in two buckets. As noted above, critical but well-managed risks are not in the limelight, and this is the correct way to go. An organisation may have many top risks that are well managed, yet organisations continue to define extensive process notes, policies, monitoring mechanisms and so on to manage them further. This results in a loss of focus. Management time is precious, so it is important that such resources be channeled towards those risks that have gaps and require immediate attention.

So, the EY methodology goes a step further. Not only does the company focus on the top 5 or 10 risks, but even amongst those, the real focus is only on the ill-managed risks.
