Enterprise Risk Management

All organisations, no matter whether private, government, or not-for-profit, have one thing in common – they all take the risk to achieve their goals. Unfortunately, too many organisations either don't have any formal approach to considering the risks they are taking or utilise forms of risk management that are below par. That is, they are not in line with the principles and guidelines of better practice defined in ISO 31000.

This Enterprise Risk Management training course provides the delegates with the requisite knowledge to design, implement and operate enterprise risk programs to successfully manage organisational risk. It takes a holistic approach and calls for management-level decision-making that may need to be clarified for an individual business unit or segment. Thus, firm-wide surveillance is given precedence instead of each business unit being responsible for its own risk management.

Enterprise Risk Management (ERM) is a methodology that looks at risk management strategically from the perspective of the entire firm or organisation. It is a top-down strategy that aims to identify, assess, and prepare for potential losses, dangers, hazards, and another potential for harm that may interfere with an organisation's operations and objectives and/or lead to losses.

Day One: Principles Of Risk And Enterprise Risk Management

• Objectives & Governance: Concepts & Definitions

• Mapping and Assessing the current Governance Arrangements

• Commitment: Setting the objectives for implementing the latest guidance

• Who are the internal and external stakeholders?

• The importance of culture, communication, and behaviour in seeking an effective ERM structure

• An overview of the global post-pandemic business environment

• Enterprise Risk Management: The Resilient Organisation

Day Two: ISO 31004 – Designing The Framework For Managing Erm

• ERM Framework and Process

• ERM Responsibilities: Who does what, who is on the team

• ERM Accountabilities and Performance Measures

• Comparison of the current ERM to ISO 31000:2009 Principles

• Alignment between ERM Policy and the Organisation

• Risk Attitude: Pursue, retain or avoid concerning risk appetite and tolerance

• Options for Risk Criteria, Assessment, Identification, Analysis, and Evaluation

Day Three: Business Continuity Management Systems (BCMS)

• Fundamental Principles of Business Continuity Management

• Implementation of a BCMS under ISO 22301 & 27031

• Business Impact Analysis (BIA) and Risk Assessment 

• Understanding the relationship between BCMS and compliance with the other ERM requirements, including supply chain strategies

• Writing a business case and a project plan for the implementation of a BCMS

• Incident and Emergency Response Management

Day Four: Implementing Effective Enterprise Risk Management

• Resources and Methodologies to Implement the Plan

• Ensuring ERM becomes part of significant decision-making

• What are the likely barriers to implementation (risk culture)?

• Risk reporting & the limitations of various risk reporting tools & methodologies

• Assess the merits of quantitative risk modelling & qualitative reporting

• Align the risk reporting processes with other strategically important management activities, such as reputation management

Day Five: Monitoring, Review, And Continuous Improvement Of The Framework

• Key Risk Indicators (KRI´s)

• Evaluating KPI Metrics for the Organisation

• Continuous Improvements: Running your team-based risk workshops

• Collate risk and control information from multiple sources into a central risk register or inventory of risk information system

• Controls Register or Inventory of Controls: The “Five Ws”