Risk Assessments

The heart of any risk management program is having the ability to effectively identify and assess key risks from throughout the organization. It is the foundation for every part of the program, and central to managing risks to within acceptable tolerance thresholds. 

A sound risk assessment framework and methodology encourages risk awareness, ownership, and accountability, but only if the methodology is sound, management is engaged, and the assessments result in meaningful, actionable data. 

Common Challenges

Virtually every traditional risk assessment framework and methodology suffers from the same flaws, resulting in exercises that consume a huge amount of staff and management time, but rarely produce meaningful information.

  • Flawed foundations, including forcing risks into arbitrary risk type buckets, which has never worked, and will never yield useful information
  • Lack of understanding about the purpose of risk assessments
  • Over-emphasis on operational risks, largely ignoring more strategic risks
  • Inconsistent methodologies used across different risk assessments
  • Assessments that only document what leadership already knows, nothing new
  • Very little BU engagement or leadership appreciation for the process or results
  • Nothing that influences actual business decisions 

A new approach is desperately needed!

Our tools support enterprise and operational risk assessments that actually help to manage the business.

The Enterprise Risk Assessment pack includes a series of modules and templates that support the process of identifying, assessing, and reporting on key risks from throughout the organization. This  includes templates for:

  • Enterprise macro level risks (based on risks related to strategy, governance, and various external influences)
  • Operational risks (based on operational processes)
  • Comprehensive reporting and analytic tools 

These templates are the same as those demonstrated in the ERM Advantage video series on Developing Strong Enterprise Risk Assessments. For more information about the enterprise risk assessment methodology within the ERM Advantage framework, you can view the framework overview in Why ERM Advantage?

Macro Risk Module

Using a novel methodology, the enterprise risk assessment framework includes worksheets for defining macro level risks, those associated with strategy, governing programs, and various external influences, such as the economy, regulatory environment, competition, etc. Macro risks represent some of the most significant risks to any organizations, but are almost never captured in risk assessments because conventional frameworks don’t have a structure for rating and evaluating them. 

The process and templates capture key macro risks, ratings related to assumptions about the strength of strategy and program designs, and overall risk ratings. This module clearly highlights where the most significant risks exist, and what management actions should be taken. 

See detail

See detail

See detail

  • Operational Risk Assessment Module

This module is used to identify and analyze risks related to the operational processes used to implement the company’s strategy.  The module is comprised of a series of templates that help business units document and analyze key risks, and determine whether additional mitigation is warranted. This modules includes:

Business unit overview template – used to document information about each operational unit, including a description of the purpose of the unit, how they support the company’s strategic objectives, what changes are planned, their view of acceptable risk levels, and concluding with core processes, key risks, risk mitigation, and monitoring metrics. 

 

The overview is supported by worksheets used to document and rate key risks that exist within each business unit. Risk narratives include:

  • Inherent risks: what could happen and why does it matter?
  • Risk treatment: including internal controls plus other mitigants
  • Residual risk: what could still go wrong and is that acceptable?

Key assumptions are also captured which could influence risk perspectives should those assumptions change.

The risk matrix scores inherent risk, treatment strength, and residual risks, as well as how each risk translates across the primary risk types. 

Assessment Reporting

Once the assessment information is completed, the information can be gathered into an overall report for the board and senior management. The included worksheets include a series of worksheets to visualize the data, leading to important knowledge gained from the risk data. 

Using the population of data gathered, the company can analyze, report, or present the information in an infinite variety of ways. And, at whatever point the company may move to an automated GRC solution, ALL risk data can be imported into that solution. 

See detail

Supporting Documents

The Risk Appetite pack also contains a number of supporting documents, including:

  • Procedures for completing assessment templates
  • Suggested project plan for a full enterprise risk assessment
  • Sample risk assessment report structure

All template packs include several completed examples, procedures for using the templates, a basic project plan where appropriate, and an overview of the overall ERM Advantage framework for reference. Email support is available for questions, with options for live advisory services or support, up to using ERM Advantage team resources to implement an comprehensive enterprise risk assessment.  

Key Benefits of the ERM Advantage Risk Appetite framework template

  • Promots leadership and business unit engagement and risk ownership
  • Helps identify and assess the most significant key risks within the organization
  • Provides the board and senior management a clear undetanding of the most significant risks and risk exposures
  • ALL information can be ultimately important into any GRC tool
  • Framework can be mirrored in any other risk assessment
  • Ultimately helps the organization make better business decisions by effectively assing key risks

Risk Assessmetn Framework Pack

Includes:

  • Assessment templates, both macro and operational
  • Aggregation templates, including tables and graphing 
  • Sample templates and summary report
  • Suggested project plan
  • Includes a 2-hour Zoom call to review the templates

Price: $ 4,500

This packs can be purchased as  part of a bundle. For bundle options and pricing see Product Pricing.

To order this pack or if we can answer any questions, please use the Contact Us form.