Part 3 of a 3-part Series. In Part 1 of this series, we discussed how a sound understanding of the definition of enterprise risk is the first step in establishing a sound enterprise risk management program. In Part 2, we took a look at the three foundational corners of a sound ERM program. In Part 3, we take a look at that fourth corner of ERM, the Enterprise Risk Assessment.
The Enterprise Risk Assessment provides an initial and ongoing tool for the Enterprise Risk Management of any FI. It engages such key elements as:
- Internal environment (where we are today)
- Objectives (where we are going)
- Event identification
- Impact likelihood (on an inherent and residual basis)
- Risk response and control activities
- Information capture, communication and monitoring.
Following this format within an assessment document is a challenge, but leads to a logical, quantitative and qualitative presentation that yields significant benefits and facilitates the process with each succeeding year.
Although there is no question that the ERA must address qualitative elements (such as risk factors, strategies, etc.), those elements are best presented when quantified (such as key ratios and risk scores to be evaluated). The adage that we value what we measure is absolutely true of ERM, and the ERA gives us that capacity from both a static (level) and dynamic (trend) perspective. No ERA can encompass every conceivable risk, but sound ERM provides a powerful tool that promotes internal and external confidence.
When properly pursued, the Enterprise Risk Assessment serves as a powerful document that:
- seeks to align the risk appetite and strategy of the institution;
- facilitates enhanced risk response and decisioning guidance;
- reduces operational surprises and losses through facilitating an effective, coordinated response to the myriad of risks affecting different parts of the organization;
- promotes the ability to seize opportunities through proper management positioning and deployment of capital; and finally,
- helps ensure the effective reporting and compliance with laws and regulations while guiding the credit union away from the damage inherent in reputation risk and its associated consequences.
ERA is the quantitative and qualitative tool of ERM. It is a living document that serves as both informative guide and insightful instructor. There is no question that examiners today are pressing harder and will continue to do so in their search for ERAs that are dynamic and specific to your institution.