Roadmap for ERM: A practical approach to Enterprise Risk Management

Enterprise Risk Management (ERM) is an integrated approach to managing a broad spectrum of risks such as Operational Risks (ORM), IT Risks, Legal Risks, Strategic Risk, etc. This notion of "integrated" ERM suggests that while the various silos/departments work in their own areas to identify their risks, these risks must be integrated and recorded with the same risk taxonomy and scale. Without a defined taxonomy, normalization of risks will be nearly impossible during consolidation.

Why GRC & ERM are NOT Synonymous

Many organizations and vendors today may use GRC and ERM synonymously, but the truth is that GRC is not ERM!

Organizations that rely on GRC tools to identify enterprise risks will likely come away disappointed with the result. That's because GRC tools are designed to help organizations record, manage and report on risks – but only once they are identified. In reality, most businesses have systems other than GRC tools to help identify these enterprise risks. Insurance companies typically use actuarial models, and financial services firms often rely on modeling tools to assess their capital allocation requirements. And the list goes on.

Risk Register: A Converging Point for GRC & ERM

Rsam takes a practical approach to ERM, helping businesses get greater clarity of their enterprise risks. The Rsam Risk Register enables effective ERM, allowing organizations to:

  • Consolidate Risk from various silos into a Risk Register to support a universal risk taxonomy
  • Prioritize risks across the organization & create a consistent risk rating methodology
  • Standardize how risks are defined & measured
  • Identify metrics that drive risk scores/levels & the frequency with which to measure/monitor them
  • Support risk formulas AND create business rules/logic based on custom scenarios with Risk Analytics
  • Create a visual representation of risks & interdependencies with management Dashboards
  • Establish ownership for action plans for ongoing ERM monitoring & measurement