Chapter 12 presented the approach Intuit uses to measure the effectiveness of their ERM. Let's assume that you are an ERM consultant, retained by Intuit to re-implement their ERM. They have decided to

Sumit Jangid 

Week 6 Discussion


Enterprise risk management programs are designed to drive identification of risks that may affect a company and management of those risks in order to enable achievement of the company’s objectives. Therefore, in any organization risk management is crucial to identify the positive as well as negative aspects of risks and the possibility to identify their impact on the objectives. Although ERM includes several approaches such as PM2 Risk Scorecard and ISO 31000, selecting an ERM framework and adopting the right methodology depends on the organization’s operational objectives.

The ISO 31000 approach focuses on the identification of risk owners and the creation of a risk-aware culture within organizations. As stated by Gjerdrum & Peter (2011), "a significant difference from the traditional process is that the ISO model includes the elements of establishing the context and continuous communication and consultation".

On the other hand, the PM2 Risk Scorecard-based approach includes a robust step-based process to identify strategies, linking strategic objectives to goals, identifying the likelihood and impacts of risks associated with objectives, identifying current as well as future programs, and identifying possible mitigations for risk indicators. Each of these steps is dependent on the previous one. In general, the PM2 framework highlights strategic process improvement to generate better performance. ISO 31000 emphasizes taking a simpler risk mitigation/review process, while continually and iteratively monitoring risk assessment.

While both frameworks have their pros and cons, as an ERM consultant, I would recommend ISO 31000 for the ERM implementation. Some of the significant reasons to choose ISO 31000 over the PM2 Risk Scorecard would be that it is easier to implement and focuses on mitigating risks at the risk level rather than the strategic objective level. Furthermore, unlike the PM2 Risk Scorecard, ISO 31000 does not require worksheets for capturing risk/objective combinations in order to evaluate risks. Subsequently, ISO 31000 as a framework has robust global standards, increases accountability and strengthens communication. Ultimately, the ISO 31000 standard provides a vehicle to make risk management central to the success of an organization, and an intimate part of key processes such as planning, management and governance (Gjerdrum & Peter, 2011).


References:

Fraser, J. R. S., Simkins, B. J., & Narvaez, K. (2015). Implementing Enterprise Risk Management: Case Studies and Best Practices. John Wiley & Sons.

Gjerdrum, D., & Peter, M. (2011). The new international standard on the practice of risk management: A comparison of ISO 31000:2009 and the COSO ERM framework. Risk Management, 31(21), 8-12.


Shiva Kumar Pagadala 

Week 6 Discussion

New ERM ISO 31000

Nowadays, the business environment is continuously developing as a result of new technological advancements. However, the latest technological advancements pose various risks to the daily operations of businesses. As a result, companies have embraced the use of enterprise risk management (ERM) in their business strategies. ERM is a process that helps organizations identify, discover, and address any potential threats (Bromiley, McShane, Nair, & Rustambekov, 2015) that may hinder a company from achieving its goals and objectives.

Recently, I was hired as an ERM consultant, retained by Intuit to re-implement the company's ERM. Luckily, the company decided to establish a new ERM because the existing one proved to be ineffective. As a consultant, I recommended that the company use ISO 31000 instead of the PM2 Risk Scorecard. This is because the long-term success of any organization depends on the firm's ability to handle threats that may face the company. ISO 31000 provides a higher level of reassurance in terms of economic resilience, reputation, and environmental and safety impacts. It will also give the company a comprehensive framework and processes for managing risks regardless of size, methods, or sector.

Additionally, ISO 31000 will help guide the company's managers in any internal or external auditing programs (Florea & Florea, 2016). ISO 31000 will help the company to compare our risk management practices with an internationally recognized benchmark. Thus, it will enable the organization to conduct effective management processes and corporate governance.

The ISO 31000 standard includes risk identification, analysis, evaluation, and treatment (Kontogiannis, Leva, & Balfe, 2017). It has other added management process descriptions. These include establishing the internal and external risk context, monitoring and reviewing the strategies, and communication and consultation, which will help the company understand our stakeholders' interests and concerns while aligning them with the risk management processes. Decidedly, ISO 31000 should be used by any company because the principles are simple and clear, and if utilized effectively, it can help a business achieve success.


References

Bromiley, P., McShane, M., Nair, A., & Rustambekov, E. (2015). Enterprise risk management: Review, critique, and research directions. Long Range Planning, 48(4), 265-276.

Florea, R., & Florea, R. (2016). Internal audit and risk management. ISO 31000 and ERM approaches. Economy Transdisciplinarity Cognition, 19(1), 72.

Kontogiannis, T., Leva, M. C., & Balfe, N. (2017). Total safety management: Principles, processes and methods. Safety Science, 100, 128-142.
