
Enterprise Risk Management Overview
Enterprise Risk Management (ERM) is defined as a process, effected by the entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage the risk to be within the risk appetite, to provide reasonable assurance regarding the achievement of objectives. ERM is geared to achieving an entity’s objectives, set forth in four categories:
- Strategic – high-level goals, aligned with and supporting the entity’s mission
- Operations – effective and efficient use of resources
- Reporting – reliability of reporting
- Compliance – compliance with applicable laws and regulations
In summary, ERM is an organization’s policies and procedures to identify, analyze and address uncertainties/risks that affect the organization.
Components of Enterprise Risk Management
ERM consists of eight interrelated components. These are derived from the way management runs the business and are integrated with the management process. These components are:
- Internal Environment – The internal environment encompasses the tone of an organization, and sets the basis for how risk is viewed and addressed by an entity’s people, including risk management philosophy and risk appetite, integrity and ethical values, and the environment in which they operate.
- Objective Setting – Objectives must exist before management can identify potential events affecting their achievement. Enterprise risk management ensures that management has a process in place to set objectives and that the chosen objectives support and align with the entity’s mission and are consistent with its risk appetite.
- Event Identification – Internal and external events affecting achievement of an entity’s objectives must be identified, distinguishing between risks and opportunities. Opportunities are channeled back to management’s strategy or objective-setting processes.
- Risk Assessment – Risks are analyzed, considering likelihood and impact, as a basis for determining how they should be managed.
- Risk Response – Management selects risk responses – avoiding, accepting, reducing, or sharing risk – developing a set of actions to align risks with the entity’s risk tolerances and risk appetite.
- Control Activities – Policies and procedures are established and implemented to help ensure the risk responses are effectively carried out.
- Information and Communication – Relevant information is identified, captured, and communicated in a form and timeframe that enable people to carry out their responsibilities. Effective communication also occurs in a broader sense, flowing down, across, and up the entity.
- Monitoring – The entirety of enterprise risk management is monitored and modifications made as necessary. Monitoring is accomplished through ongoing management activities, separate evaluations, or both.
The K Financial Advantage
K Financial utilizes an internally developed, web-based Enterprise Risk Management application that provides a customizable, affordable approach to risk identification, control and monitoring.
The software was developed to help financial institutions and other entities respond to requests from rating agencies and regulatory bodies to demonstrate that they understand their risks and are taking steps to control them.
The most significant feature of the K Financial ERM program is the methodology it utilizes for quantifying and scoring risks and the related internal controls. The scoring mechanism, which is now automated and built into the application, enables companies to understand the true exposure for each of their significant risks and make educated decisions about how to manage and control risks.
Designed to be user-friendly, K Financial’s ERM web application also has sophisticated reporting features as well as email notification capabilities to ensure that changes and updates are reviewed and approved. The application’s security features ensure that sensitive company information remains confidential.
Where other firms and developers have designed “one-size-fits-all” approaches to risk management, K Financial has embraced the subjectivity associated with ERM and developed a program that has the flexibility to be customized for use by any organization. Since 2003, the firm has helped companies implement and maintain ERM programs for identifying and evaluating critical business risks and the related controls. The web application enables companies to further streamline the process of documenting and assessing risk and control information.