Guidance for Executive Management and the Board
Protiviti’s Jim DeLoach discusses strategies to enhance the risk assessment process, from ensuring the proper stakeholders are involved to accounting for disruptive change and moving beyond “enterprise list management.”
An effective risk assessment is fundamental to risk management and the board’s risk oversight process. Successful risk assessments help directors and executive management identify emerging risks and face the future confidently.
An enterprise risk assessment (ERA) is a systematic and forward-looking analysis of the likelihood of potential future events and scenarios and of their impact on the achievement of an organization’s business objectives within a stated time horizon. The process begins with an articulation of the enterprise’s governing business objectives as reflected in its strategy and performance goals. It applies predetermined risk criteria to well-defined risk scenarios that could lead to the organization falling short of achieving those objectives. Often, the assessment results are displayed on a grid or map for review by decision-makers to ensure risk owners are appropriately assigned and risk responses and metrics are in place. Many organizations have some sort of ERA process in place.