Part 2 of a 3-part Series. In Part 1 of this series, we discussed how a sound understanding of the definition of enterprise risk is the first step in establishing a sound enterprise risk management program. In Part 2, we take a look at the foundational elements necessary to build a sound ERM program.
We have identified three foundational factors that are required to ensure that the ERM approach of any financial institution (FI) “fits” that particular FI instead of trying to make the FI fit ERM. These factors must be established if the Enterprise Risk Assessment is to be understood.

1. Vision.

Strong ERM must be innately relevant to the FI and its “vision.” COSO notes, “Among the most critical challenges for management is determining how much risk the entity is prepared to and does accept as it strives to create credit value.” As such, ERM must establish where the FI is today and where it plans on going in its value-creation efforts.
We frequently know what is defined as “Risk” as well as what is defined as “Management.” Yet, what do we define as Enterprise? One definition states that Enterprise is “a project undertaken or to be undertaken, especially one that is important or difficult or that requires boldness or energy.” Keeping ERM relevant to the FI’s “Vision” requires that we know our Five Ws (who, what, why, where, when) today and in the future.
Our collective assessment efforts must present those in a sound manner at given points in time, then seek to identify impediments to reaching those achievements and the corresponding risk mitigation.

2. Correlation.

Effective ERM cannot be achieved with a “silo mentality,” where each department declines to share key information with the other departments. It requires correlation throughout the enterprise. History has repeatedly shown that a failure to understand the cause and effect of an entity's pursued strategies upon all departments of the credit union results in weakness and, in some cases, failure.
Many FIs have recognized this factor and responded with the designation of a Chief Risk Officer. Establishing such a position is logical, but the position cannot become a silo itself. Rather, such an individual must serve as a go-between for the various departments in an effort to establish and continually reestablish the Enterprise Risk Assessment.

3. Target Driven.

Because ERM covers the full array of risks within the organization, it requires a unique approach to analysis. The framework for ERM is established in key categories:

  • Strategic
  • Operations
  • Reporting
  • Compliance

Objectives of an organization hit one or more of these categories. Those objectives will face a wide array of challenges to implementation including both internal and external events. As the credit union analyzes these events and corresponding strategies, it establishes the framework for measurement of ERM via the Enterprise Risk Assessment (ERA).
With a sound definition of enterprise risk and these three foundational factors, we’ll turn our attention in our final installment to the Enterprise Risk Assessment.