
Looking to Engage, Empower, Achieve, or Improve, and Processes or Structure – Risk Management and COSO 2017 Enterprise Risk Management (ERM) Should Interest You

This post might also be called: why risk management should interest you as an employee, employer, student, educator, product or service provider, executive officer, director, or anyone who is trying to achieve or improve something.

I read a fair number of articles discussing the benefits of engaging and empowering employees and other people. But I see far fewer articles discussing a structure or processes for when employees or people are empowered or engaged. Let me suggest that you use risk management and the COSO 2017 enterprise risk management (ERM) framework to add structure or processes to your engagement, empowerment, etc.

Risk management and the COSO ERM framework are premised on identifying objectives, and then designing and implementing steps, actions, processes, or tasks to succeed in satisfying those objectives. So, just as examples, the framework can be used whether you are dealing with a product or a service; whether you are an employer, an employee, a supplier or vendor, an educator or a student; or whether you are putting on an event or presenting at one. And the framework can be used, as examples, to create a better or more successful design, product, service, event, presentation, innovation, or learning experience, or to increase safety, efficiency or effectiveness, or to better get your message or point across, or to increase engagement and empowerment.

Most likely you already do some form or manner of risk management or enterprise risk management for some objectives, or perhaps for many objectives. Sometimes risk management is required, such as the requirement that boards and audit committees engage in oversight of risk management for at least some business entities, which also of course means that the entity must have some manner of risk management to oversee. And sometimes risk management processes are required for certain specific products, services, industries, or other situations, and may also involve compliance with laws, statutes, regulations, rules, etc.

Risk management and enterprise risk management should be integrated into the organization’s regular, ongoing and constant day-to-day activities and decision-making processes to achieve strategies, objectives and tasks successfully – risk management and enterprise risk management should not be viewed as separate or standalone processes that occur only on an occasional or periodic basis.

Here is a link to the COSO enterprise risk management page: https://www.coso.org/Pages/erm.aspx

Below see also my Overview Of A Risk Management Process That You Can Use, a listing of the COSO Enterprise Risk Management (ERM) framework components and principles, and a summary of the framework implementation tiers (i.e., the extent to which an entity has implemented risk management) for the National Institute of Standards and Technology (NIST) Framework For Improving Critical Infrastructure Cybersecurity.

David Tate, Esq.