Risk Maturity Model and ERM Resources
Below outlines complimentary enterprise risk management resources including best practice articles, eBook downloads, on-demand webinars and other Risk Maturity Model-related resources.
The Institute of Internal Auditors (IIA), effective January 2013, recommends the Risk Maturity Model, in conjunction with this Internal Auditors Guide, as resources on ERM effectiveness and how to effectively measure and assess ERM maturity. This step-by-step helps internal auditors and risk practitioners meet the IIA’s International Professional Practices Framework (IPPF) requirements and assess the effectiveness of enterprise-wide risk management programs. Click here for your complimentary download!
Whether tasked with developing a new enterprise risk management program or improving upon existing processes, this eBook identifies the five main overlapping characteristics that the strongest ERM programs share. These characteristics cover key components for establishing an ERM program, as well as developing a risk library, assigning ownership, and determining a risk appetite or risk tolerance levels to name a few. Furthermore, it provides enterprise risk management best practices for ensuring your ERM program is successful, and will meet the high expectations of the Board of Directors and leadership. Click here to download this complimentary eBook!
For most organizations, topics involving risk management, performance, and compliance are gathered using different methodologies and tools. This makes it hard to even locate, let alone compare and aggregate risk information. This eBook outlines how organizations develop a standardized risk and governance structure, also known as a taxonomy, by leveraging existing processes and sharing information currently separated by functional area. Click here to download the complimentary eBook!
Many risk managers struggle to translate vague high-level risk appetite and risk tolerance statements into actionable, day-to-day risk management activities. Important to the board of directors and leadership, these measures are meaningless unless they drive analysis and progress within an ERM framework. Click here to watch the 30-minute webinar on developing actionable risk appetite and risk tolerance statements to improve your ERM program’s direction and efficiency.
When risk assessments are subjective across an organization’s departments or silos, the information collected is nearly impossible to analyze and compare. Utilizing a common risk assessment framework with a uniform scale, evaluation criteria, and holistic reporting and aggregation, ensures information collected across the organization is objective, quantifiable and comparable. Click here for an article on risk assessment best practices and to download the complimentary risk assessment template.
Visit the full ERM knowledge center, offering a range of complimentary ERM resources including eBooks, on-demand webinars, videos, best practice articles and more. Covering the basics of establishing a best practice enterprise risk management program, as well as more advanced topics (like metrics, progress tracking, risk appetites and tolerances, etc.), this knowledge center provides the tools needed for improving your current risk or governance program. Click here to access the full knowledge and resource center!
ERM Resources Archive
Below is an archive of enterprise risk management (ERM) press releases, news and articles. For recent news, discussions, and real world examples surrounding enterprise risk management, click here to visit the LogicManager blog.
Published Reports, Articles & Studies
TSA Adopts Enterprise Risk Management (Blog Post)
Risk management is not about absolutes, it is about using a consistent analysis framework for balancing risk and cost on a common basis across the enterprise. The 2013 announcement by the Transportation Security Administration (TSA) of their adoption of a risk-based approach is a long awaited practical application of enterprise risk management to security. To read the full article, visit the full blog post here!
ERM Can Save Millions: Cybersecurity Case Study (Blog Post)
Risk managers seeking to build the business case for enterprise risk management software should consider how the circumstances of the cybersecurity hacks, threats and data breaches in the news can unfold in their own organizations. With appropriate preventative measures and planning, expensive loss events and harmful publicity can be avoided. To learn more, visit the full blog post here!
SEC Reprioritizes ERM in 2014 (Blog Post)
The Security and Exchange Commission announced its examination priorities for 2014 and enterprise risk management (ERM) sits at the top of the list. Seeking to address the weaknesses threatening fair, orderly and efficient markets, the 2014 SEC priorities follow a year of several high profile failures in risk management, such as the Edward Snowden NSA leaks, Carnival Cruise Line’s generator failure and many more. To read the full article, visit the full blog post here!
Risk Monitor Blog Series
RMORSA (Part 1): Risk Culture and Governance (Blog Post)
The first of a five part blog series on the Risk Management and Own Risk and Solvency Assessment Model Act (RMORSA) requirements, this blog post introduces the five main ORSA requirements and examines the first, risk culture and governance, in more depth. To learn more about risk culture and governance, defined by the NAIC as roles, responsibilities, and accountability in risk-based decision making, visit the full blog post here!
Part two of this blog series details the second ORSA requirement, risk identification and prioritization. This step helps define the ongoing risk management process and equips organizations with the information and data needed for risk based decision making. As discussed in the blog, utilizing a root-cause approach is critical, allowing organizations to identify the core of a risk versus just the symptoms. Learn more by visiting the full blog post here!
The third step in the Risk Management and Own Risk and Solvency Assessment Model Act (RMORSA) is the implementation of a risk appetite and tolerance statement as advised by the Risk Maturity Model framework. A risk appetite statement reflects the organization’s high level measures of acceptable risk as they relate to strategic objectives whereas the tolerance statements must be actionable and measurable to provide greater assurance that risk remains within the appetite statement. Read more by visiting the full blog post here!
The fourth component, risk monitoring, control and action plans, revisits the foundation laid during the previous three steps to measure effectiveness, value and plan for improvement. With the proper structure to track, analyze and measure progress, organizations are able to plan for improvement in weak areas and continue activities that are strong. To learn more, visit the full blog post here!
RMORSA (Part 5): Risk Reporting & Communication (Blog Post)
The final post in the Risk Monitor blog series on RMORSA, covers the fifth requirement, risk reporting and communication. After implementing standardized risk assessments, well documented risk mitigation, and processes for continual improvement; this post answers a key question on everyone’s mind: how do you report this information to your Board and effectively communicate to your commissioner in a way that demonstrates ORSA compliance and your ERM program’s value? For the answer, visit the full blog post here!