Assignmennt

EnterpriseriskmanagementCorrected x

Running Head: ENTERPRISE RISK MANAGEMENT 1

ENTERPRISE RISK MANAGEMENT 9

Enterprise Risk Management

Rohan Rao Rokandlawar

University of the Cumberlands

Dr. Omar Mohamed – Professor

ITS- 835 Enterprise Risk Management

12/02/2020

Introduction

Enterprise risk management refers to the process through which organizing, planning, controlling, and leading activities are conducted to minimize the effects of risks on an organization’s earnings and capital. This is one of the components which empower ultimate vision in an organization. Proper risk management knowledge and culture leverage abilities as risk management are able to work towards the same goal (Gup, 2011).

Importance of enterprise risk management

ERM improves data quality as organizations collect very crucial data for their success. The quality of data determines the level of strategies and insights they can create. Meaning that the best quality data creates the best insights, which leads to better strategies. Better strategies lead to the best outcomes, which improves revenue generation in the future. This is a cost-effective method of managing risks. When an organization employs an enterprise risk management team, they reduce the need to spend more on each department’s resources to conduct risk management. Risk management also allows an organization to detect and proactively work towards solving a risk before it occurs (Moeller, 2011).

ERM improves risk reporting, which leads to improved efficiency and prevents the hampering of the company’s operations. An organization’s risk management team eliminates the possibility of an event taking place because it usually comes with having an automated template for making reports. It also helps in regulatory compliance through monitoring and identifying different controls in the organization. ERM ensures that there is reduced effort and time taken in making sure that compliance is maintained within the organization. Risk management gives the risk of facing organizations greater awareness of possible risks and ensures that they have the capacity to respond effectively (Gup, 2011).

Risk management enhances confidence in strategic objective achievement. This enhance improvement in effectiveness and efficiency in operations. This is because they are aware of the number of risks facing them and their abilities to respond effectively. This, therefore, allows the business to save money and set up procedures to minimize risk and cope with the impacts. Legal, regulatory, reporting and compliance are maintained (Kline, 2019).

Challenges and solutions to implementing ERM

Defining risk consistency might be a challenge because what some departments consider to be risks might differ from what the IT department does consider. A good ERM solution is supposed to give pre-built strategies for consistent terminologies and terminologies to give examiners and auditors a clear definition of risk. Reporting a risk across the organization might be a difficult task when you don’t know who to report to. This, therefore, might be a problem for the risk management team. This can be solved through outlining of a powerful enterprise which gives the department business process, procedures for audits-based reporting, and risk level (Kline, 2019).

Assessing ERM value has been a challenging task as a positive return on investment in an economy might be hard to develop. Most organizations struggle to demonstrate ERM sufficient value, which should justify the costs of implementation. The organization should bring in experts who are able to calculate the value for ERM. Business experts can also be brought in to justify whether this method of risk management is cost-effective and valuable to the organization. Defining risk is a hard task as the ERM team has to predict a risk occurrence before the risk occurs and causes damage to the organization’s resources. The organization should invest in the best risk detection methods such as penetration testing to identify possible (Mensah & Gottwald, 2016).

Multiple scenarios might occur to an organization, making it harder to identify all. An organization might be working towards proactively eliminating the possible occurrence of a certain risk, but another risk occurs. The occurrence of this will lead organizations to greater losses, and additional losses will be encountered from the use of the organization’s resources in planning against a risk that will never occur. ERM team should view a niche from a distance, and this should be accurately done. This will ensure that possible risks are prevented. Risk consideration should be done in order of the impacts they have on the organization. The one that might cause the most harm should be dealt with earlier (Albasteki, Shaukat, & Alshirawi, 2019).

Time horizon has become an issue in this. The ERM team might not get enough time to detect risk, and at the same time, a risk might occur before it has been detected. Their efforts will all be in vain, and many more resources might be lost. ERM planning should therefore start as early as the organization is able to so that risks can be identified on time before causing much harm. ERM ownership is not clearly defined in some organizations. There is, therefore, no clear definition of who should be conducting the ERM in different departments, where this activity is not being outsourced (Mensah & Gottwald, 2016).

Importance of effective ERM

An effective ERM is able to create a much-focused culture for risks in the organization. Organizations in which this has been implemented incur senior-level risk focus, which allows cultural shift. It allows the risk to be considered much openly, and silos are broken down with respect to how the management of risk is done. Standardized risk reporting is also affected. ERM supports reporting, better structure, and risk analysis. Standardization tracks risks in an enterprise, enhancing the improvement of executives and directors by providing enough data for decision mitigation. Effective ERM provides improved data flexibility, conciseness, and timeliness. This helps management in unlocking and recognizing synergies by sharing and aggregating all corporate risk factors and data and evaluate them in consolidation (Moniruzzaman, 2020).

Effective ERM improves perspective and focuses on risk. Leaders of ERM develop detectors that help in detecting possible risks, which provide early warning. More complete risk viewpoints are permitted by ERM. ERM ensures efficient use of resources as it improves the tools and framework used to perform risk management critical functions. This eliminates redundant processes by efficiency improvement by allocating the amount of the correct resources to be used in mitigating a risk. Effective compliance matters and coordination of regulatory is enhanced by effective ERM policies. Regulatory examiners, financial auditors, and rating agencies have been using information from the ERM data to mitigate the organization.

An organization effectively utilizing ERM.

Strabag international company is a construction company commonly known for the use of ERM. This company has been mostly using ERM in securing its IT systems. They have very many customers and suppliers that they deal with, whose information has to be secured. ERM has, therefore, been helping them detect risk before it can occur. Improvement in technology comes hand in hand with increasing cyber threats, which calls for risk management teams to identify possible threats. Risk identification before occurrence saves organizations a lot because they might have encountered very many losses if the risk could have occurred. Strabag carries more information concerning suppliers, customers, and the organization itself, which might therefore lead to losses and ruining of reputation if this information lands into unauthorized hands (Nason, 2011).

Information security generally has been facing a risk of access by unauthorized businesses and customers. A security risk might be targeting a particular system network, which might be risking all the customers who are using the systems. It will be easier for small business systems to be attacked because most of them are not able to put the required measures to protect their systems. This organization is also at risk of an attack when the vendors supply critical data for the company, giving the vendor a chance to access the organization’s critical information. Other risks are related to a lack of control because you are not able to take control and change some of the features. The availability of risks increases the chances of being attacked. There are some unavoidable risks, which might be caused by critical information landing into unauthorized hands (Moniruzzaman, 2020).

Strabag’s systems can be secured by managing your user access to ensure that only allowed users can access the systems. Risk management should be able to identify any intruder trying to access the courses. This will ensure that any attacker had been detected on time before they can be able to do some damages to the systems. There is also a need to ensure that automate user’s activities and logs to ensure that details for logging into the systems remain secure. According to (Olson & Wu, 2008 ), “When much information about the scheme is handled by very many parties, it puts the systems to risks of being attacked by threat agents.” Making a common effort in securing the systems ensure effective security systems eliminating the chances of being attacked. Security is important for any organization, and bringing this together to solve it from a common point makes it easier.

Risk management can identify various niches existing in the system so that this can be corrected and also secured by managing your user access to ensure that only allowed users can be able to access the systems. Various measures should be put in place to identify any intruder trying to access the systems. This will ensure that any attacker had been detected on time before they can be able to do some damages to the systems. There is also a need to ensure that automate user’s activities and logs to ensure that details for logging into the systems remain secure. When very many parties handle many details about the system, it puts the systems at risk of being attacked by threat agents(Nason, 2011).

Over the past years, cyber-attacks have had tremendous growth, and most businesses have found the need to use cybersecurity methods to protect their information. With more daily activities being conducted online, the security network transmits receive tons of daily data volumes. The said data has given cybercriminals sleepless nights as they try to devise plans and strategies to access that data. The most secure way for business owners to ensure their businesses’ security is by using SECaaS (Olson & Wu, 2008).

Conclusion

In conclusion, the main purpose of risk management is the identification of potential problems that are likely to occur to an organization and try leveraging them or eliminating their causes. Risk handling might be invoked throughout the project life. This being a systematic and logical method of establishing identification, context, and evaluation enables an organization to minimize possible losses and maximize existing opportunities. I would recommend organizations invest much in risk management processes as there are increased levels of risks that might cause the occurrence of a risk(Sweeting, 2017).

Improved technology comes with the need to improve expertise in risk management. ERM identifies areas of risk that could impact an organization negatively. Any incident that can impact the success of any organization negatively needs proactive managing. Risk management must first identify the areas of concern such as finance, business safety, technology, and investments so that they are able to identify the areas which require much attention. Risks level is measured depending on the harm it causes to an organization; therefore, a risk that might cause more harm should be dealt with first (Moeller, 2011).

References

Albasteki, O., Shaukat, A., & Alshirawi, T. (2019). Enterprise risk management (ERM): Assessment of environmental and social risks from ERM perspective. KnE Social Sciences. doi:10.18502/kss.v3i25.5195

Gup, B. E. (2011). Bank capital regulation and enterprise risk management. Enterprise Risk Management, 337-350. doi:10.1002/9781118267080.ch19

Kline, J. (2019). Enterprise risk management in government: Implementing ISO 31000:2018. Cerm Academy Series on Enterprise Risk Management(tm).

Mensah, G., & Gottwald, W. (2016). Enterprise risk management: Effective implementation.

Moeller, R. R. (2011). COSO enterprise risk management: Establishing effective governance, risk, and compliance processes. John Wiley & Sons.

Moniruzzaman, M. (2020). Enterprise risk management (ERM) in the banking sector: Evidence from Bangladesh.

Nason, R. (2011). Credit risk management. Enterprise Risk Management, 261-278. doi:10.1002/9781118267080.ch15

Olson, D. L., & Wu, D. (2008).  . Springer Science & Business Media.

Sweeting, P. (2017). An introduction to enterprise risk management. Financial Enterprise Risk Management, 1-10. doi:10.1017/9781316882214.002

Wu, D. D., & Olson, D. L. (2015). Enterprise risk management in finance. Palgrave Macmillan.