Enterprise Risk Management
Organisations of any kind face internal and external factors and influences that make it uncertain whether, when and the extent to which they will achieve or exceed their objectives (ISO 31000:2009). Risk is therefore the effect of uncertainty on objectives. An objective is a deviation from the expected, positive (upside) or negative (downside). Risk is often characterised by reference to potential events and consequences. Risk is often expressed in terms of a combination of the consequences of an event, including changes in circumstances and the associated likelihood of occurrence.
Risk management, on the other hand, is a set of coordinated activities to direct and control an organisation with regard to risk (ISO Guide 73:2009). COSO (2004) defined enterprise risk management (ERM) as a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.
LeishTon can work with you to develop and implement a holistic and integrated enterprise-wide risk management framework and policies. We can also review your risk management documentation as a distinct service or as an integral part of your risk management function’s review. Key enterprise risk management documentation LeishTon can work with you to design includes:
Enterprise Risk Management Framework
Enterprise Risk Management Policy
Risk Appetite and Escalation process
Environmental and Social Risk Policy
Market Risk Policy
Operational Risk Policy
Credit Risk Policy
Insurance Risk Policy
Investment Risk Policy
Liquidity Risk Policy
Legal Risk Policy
Risk Register
Risk Assessment techniques
Risk Classification Systems
Fraud Risk Management Policy
Risk Management Work Plan
Risk Management Model
Risk Sophistication Model