Introduction: Enterprise Risk Management (ERM) is a systematic approach that organizations undertake to identify, assess, prioritize, and manage various risks that could impact their objectives. This comprehensive guide explores each step of the ERM process, providing insights into risk identification, assessment, mitigation, and ongoing monitoring.
Steps involved in ERM process in an organization.
Definition: understanding about the Enterprise Risk, what actually risk are here in specific business processes. How these risks are to be managed, respond and controlled, all that is ER management.
Next thing comes component of ERM: this basically include actual process or steps of ERM:
Risk identification in specific operation, business segments, activity or process. It could be internal and external.
Risk assessment means identifying the attributes of ER in quantitative approach or qualitative approach. Qualitative approach refers to assessing whether the risk is impacting business in High, Medium or low way. This is identified by assessing the Impact on business and frequency/likelihood of risk in a given period of time say in a year.
Next step is Risk Mitigation/Managing/Action plan this involve how are you going to treat the risk or what step you are going to take against the identified risk. This could be Risk avoidance, reduction, transfer, acceptance.
And then final is continuous monitoring/documentation/reporting involve reporting, documenting for future references and analysis.
ERM is a process in which management identifies, assesses, prioritize and manage the various risk. These risks basically are those which create hurdles in achieving the organization objectives. In layman language it is a process of identifying the negative things due to which business may get hampered.
Let me explain it with an example: Mr. A is running a textile business in Meerut-UP. He wants to apply for the ERM process. He wants to identify various risks associated in his business. This could be the equipment breakdown, non-availability of maintenance services from equipment supplier, non-availability of skilled labour forces, disruption in supply chain management system, changing in test of customers etc. this could be various risk that can be identified. This phase called risk identification.
Now after noting the above identified risk Mr. A. now will assess the attribute of the risk, how frequently these are going to happen and to what extent they are going to impact the business. Say, how much time equipment breakdowns in a year 2 time or 3 or 4 time this is called the frequency of risk, and further how it is impacting the business, what do you say about it’s impact, think. Let me tell you if the main production machinery stopped working 3-4 times is a year, your production is directly hampered this is critically impacting your business. And consider how much time being taken up in repairing the machine. You made requests to supplier to send engineering who will come after 24 hours and will take a day to repair the machine and then on 3rd day machine will back to production. Here you lose 2 days production or directly to say no sale for 2 days. Now you can yourself assess the impact of this breakdown. This phase called Risk Assessment.
Now you just now come to know the risk and how it is impacting what should be your action plan to overcome these issues.
Next step Mr. A is going to take is to handle this situation not to let the machinery ne breakdown so many time, reduce the breakdown frequency2-4 time to 1 time in a year maximum this could be achieve by training the machine operator,. And further reducing the time to repair by taking necessary action against the supplier to provide support in due time. This phase is called risk mitigation.
Now if the above steps work and if Mr. A able to reduce the downtime and time to repair and things goes on in fine and acceptable way. One important thing to note is that if we want no breakdown in machine this is not possible and these are limitation because nothing is permanent in this world, things have it’s own limitations.
Now next step is that Mr. A should not sit idle by implanting the mitigation process rather to continuously monitor the things whether all going correctly and in fine way.
Machine health to be continuously monitored, operator to be periodically trained to take car of machine, and also to keep terms updated with the supplier in relation to post sale services. This phase is called Risk Monitoring.
Now when all these activities are being undertaken then time comes to document the status and periodically keeping update the documents for reference and analysis purpose. This phase is called documentation or reporting.
The above process explained is an overview of ERM end to end process.
Above article is for information purpose only.
For any query please write me : ca.arali92@gmail.com
Author Bio
