Enterprise risk management, according to the Risk Management Association, RAM, is “an organization’s enterprise risk competence-the ability to understand, control, and articulate the nature and level of risks taken and activities engaged in” (RAM, 2012) which contributes to increased confidence shown by shareholders,” and risk management is defined as “the process of identification, analysis and either acceptance or mitigation of uncertainty in investment decision- making” (Lark & Walker, 2008).
So, in comparison, enterprise risk management protects and creates value for shareholders, while risk management Is the process that protects an organization’s growth In the long run.
There are multiple components associated with enterprise risk management such as identifying, analyzing, responding to, and monitoring risk and opportunities which is used for internal and external affairs. Even though these areas are in effect, banks have grown and changed and need new standards to abide by.
In 1985, the creation of The Committee of Sponsoring Organizations of the Tread Commission was formed in a Joint initiative of the five private sector organizations and is “dedicated to providing thought leadership through the development of frame works and guidance n enterprise risk management, internal control and fraud deterrence” (COOS).
COOS periodically updates its internal and external control section, along with their enterprise risk management section in which banks have been slowly but surely becoming accustom with their new staff. The COOS enterprise risk management framework has all the components that could help the banks to stand a chance to derive business value while meeting compliance requirements. ” (Vidalia & Kava, reforms and now the Basel Ill is a “comprehensive set of reform measures, developed by the BASEL Committee on Banking Supervision, to strengthen the regulation, prevision and risk management of the banking sector” (Vidalia & Kava, 2011).
But with Basel, most banks did not approve of it and viewed it as Just another useless set of rules they had to follow, it only focused on three areas which was good for those areas because the banks actually grasped the concept of risk management; however it was only those three sections they understood and used. After a while banks began to realize that Basel was extensive enough to create a comprehensive risk management system, so this is one of the reasons COOS became involved with enterprise risk management. The COOS frame work had a lot of elements that would help the bank succeed while complying with all of the requirements.
What is Coco’s mission for banks and companies? Their mission is to ‘provide thought leadership through the development of comprehensive frameworks and guidance on enterprise risk management, internal control and fraud deterrence designed to improve organizational performance and governance and to reduce the extent of fraud in organizations. ” (COOS) Their enterprise risk management Frame work is constructed around eight elements and four objectives, which those elements re Internal Environment, Objective Setting, Event Identification, Risk Assessment, Risk Response, Control Activities, Information and Communication, and Monitoring.
The objectives include Strategic, Operations, Reporting and Compliance (Vidalia & Kava, 2011). COOS set up this framework for the banks to follow because when the banks have a plan, they are less likely to fall and can produce more value for their shareholders. As one of the chairmen on the board of COOS stated “Among the most critical challenges for management is determining how much risk the entity if repaper to and does accept as it strives to create value. This report will better enable them to meet this challenge” (Steinberg & Iverson, 2004).
So enterprise risk management is essentially there to help managers make decisions where they take little risk with the hope of making the most value for their banks shareholders. A goal of risk management is not necessarily to reduce the risk for something, as it is more there to obtain a balance between risk and opportunity. One reason enterprise risk management is a good thing for banks to have is that it helps the management of he entity and its objectives to be achieved.
In the framework of the enterprise risk management, COOS claims “Enterprise risk management assists management with aligning risk appetite and strategy, enhancing risk response decisions, reducing operational surprises and losses, identifying and managing cross-enterprise risks, providing integrated responses to multiple risks, seizing opportunities and improving deployment of capital” (Proposition, 2006). In today’s society, risk is more complicated in banks than in past years, so a bank having a good enterprise risk management is even more essential than before.
One of the reasons banks need it is because everything is going worldwide and people are making strategic affiliations with others around the globe. With all that and also technological advances it is making it hard to protect assets and capital and manage threats to the banks operations (Lark & Walker, 2008). While banks are trying to keep up with all the changes in banking, regulations, technology and the economy, they enterprise risk management. A good risk management program structure takes in consideration the size of the organization, its activates, and available resources.
A regular risk assessment process in an organization identifies risk management program opportunities for improvement and strengths, minimizing risk, and identifying responsibilities. The assessments help identify some areas that hinder the organization to reach its strategic plan. Once management identified, understood, and quantified risks, the organization had to emphasize the mission and the strategic plan. One critical factor remains that risk assessment methods vary. Organizations and individuals have to make sure that they communicate the results and recommendations of the discoveries clearly.
The organization needs to establish responsibility for investigating, analyzing and maintain data to improve performance (Satisfactoriness, 2010). The people who are most likely to use enterprise risk management reports are companies Board of Directors, the Senior Management, other Entity personal, Regulators, Professional Organizations and Educators. By each of these positions that are involved together at a bank they will be able to understand how the business is doing and communicate better with one another.
When they are analyzing the enterprise risk management report, they are looking at the strengths and weaknesses t that point so they can determine how to improve their strategies and move forward to their goals. Enterprise risk management versus companies existing risk management. Existing risk management’s focal point is more on what the company actually owns, assets, it looks at the balance sheet for how it is going to define the risk strategy. However, the enterprise risk management focuses more on the business strategy, rather than Just on protecting only what the company owns.
With an enterprise risk management approach “the scope of risk management is enterprise did and the application of risk management is targeted to enhancing as well as protecting the unique combination of tangible and intangible assets comprising the organization’s business model” (Proposition, 2006). Enterprise risk management’s business model includes physical, customer, financial, employee, and organizational assets which are all significant to a business because it helps to process future probable risk and how to manage it.
Does a bank that is following the COOS enterprise risk management plan guarantee that they will never fail or lose out on some risk? No, there is never a sure thing in life. Even with the enterprise risk management plan set up and the bank is doing everything it’s supposed to be doing, there is still no way of being one hundred percent certain. There are too many variables in play for the plan to be guaranteed, for example, the economy is always changing and while people can predict what will happen in the future, they don’t really know everything that could possible happen.
Another factor is human judgment, humans are imperfect which results in their decision, Judgment, management ways, etc. Are not always correct. People fail and make wrong choices, which affects the enterprise risk management plan. COOS even claims that their framework is not fool proof. It has feasible assurance, but still everything has a risk involved with it and enterprise risk management is not an exception to that fact. Roles that people perform when dealing with enterprise risk management include includes people who incorporate the philosophy of the risk management, supports the agreement of the risks and manages the risks.
Certain individuals in that management position should be in charge of the enterprise risk management overview because while everyone is responsible for the success of the strategy, someone needs to be put in charge of directing people on what they need to do and should set goals for the company to reach. Chief Risk Officer or CROP “facilitates the execution of enterprise risk management process and infrastructure. His or her role may be either consultative (assess and recommend) or authoritarian (approve) or both, depending on the risk area” (Proposition, 2006).
The Chief Risk Officer is there to set up and explain the company’s enterprise risk management strategy and decides pond the best foundation for the enterprise risk management plan. Also, the Chief Risk Officer creates to a point, direct risk framework that will help assist management and they will additionally make sure that the enterprise risk management is actually being implemented in their company. The Chief Risk Officer has a changing role in today’s banks. The Job is increasing and becoming more elaborate. Chief Risk Officers have to be multi-talented and be able to gain respect from everyone, top to bottom.
They need to have a good basic understanding of all the areas in the company for whom they are working. Good Chief Risk Officers have a skill set that sets them apart from other managers, “they can effectively analyze significant amounts of data and information and distill it to the key points that help senior management analyze risk in a given situation’ they are able to think strategically, I. E. , they possess the authority and resources to monitor the performance of risk units and risk owners on matters of significance to the enterprise as a whole” (Proposition, 2006).