Understanding the ERM context and the framework, principles and components:
In 2017, COSO (the Committee of Sponsoring Organizations) updated the 2004 ERM – Integrated Framework and renamed it "Enterprise Risk Management (ERM) – Integrating with Strategy and Performance". The new framework reflects the evolution of ERM thinking and practice, and links the ERM approach to business models and processes.
Enterprise risk management is the culture, capabilities, and practices, integrated with strategy-setting and performance, that organizations rely on to manage risk in creating, preserving and realizing value.
COSO defines internal control in Internal Control – Integrated Framework (2013) and Enterprise Risk Management – Integrating with Strategy and Performance (2017) as a process, effected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting and compliance.
Refer to Figure 1.1, which shows the five components of internal control and their relationship with the three objectives:
Objectives: Operations, Reporting and Compliance
Components: Control Environment, Risk Assessment, Control Activities, Information & Communication, and Monitoring Activities
The ERM Framework as depicted in Figure 1.2 illustrates that when enterprise risk management is integrated across an entity's (a) mission, vision and core values, (b) strategy development, (c) business objective formulation and (d) implementation and performance, it can enhance value. Enterprise risk management is dynamic and aligns with day-to-day decision making.
In Figure 1.2 we can observe a combination of three ribbons, which represent the common processes that flow through the entity:
1. Strategy & Objective-Setting
2. Performance
3. Review & Revision
and two ribbons, which represent supporting aspects of enterprise risk management:
4. Governance & Culture
5. Information, Communication & Reporting
These five components are collectively referred to as the risk management components.
In addition to the five components above, there are 20 underlying principles, illustrated in Figure 1.3 against each component, which form part of the entity's enterprise risk management practices. The company's management must exercise due judgment in applying them. These principles are not elaborated here; a detailed narrative on how to apply them is available on the COSO website, which may be referred to.
Source: COSO, Enterprise Risk Management – Integrating with Strategy and Performance
Understanding ERM: Principle 6, Analyses Business Context, as part of the Strategy & Objective-Setting component
Source: COSO, Enterprise Risk Management – Integrating with Strategy and Performance
The organization needs to deploy the right strategy to ensure that its mission, vision and core values are achieved and value is enhanced. The right strategy is always built on the risk profile of the organization.
The risk assessment of the organization is done in the context of both its external and its internal environment. The external environment comprises several factors that can be categorized by the acronym PESTLE: political, economic, social, technological, legal and environmental.
Figure 1.4: External Environment
For the internal environment, the risk factors associated with the following are the points of focus:
(a) Assets or investment
(b) Human Capital and culture
(c) Process and Controls
(d) Technology
To illustrate best practice in disclosure by large corporations, a sample extract from the TCS annual report is attached. As an MSME, we need to focus on the various factors and build the commentary on the external and internal risks impacting the business, and on how they have been addressed or mitigated.
Figure 1.5: A sample extract of a large corporate ERM disclosure
Please refer to pages 95 to 104 of the TCS Integrated Annual Report 2022-23 for a practical understanding of how TCS addresses enterprise risk management in its business context.
To sum up, by integrating ERM into their operational canvas, MSMEs can plan well enough to handle the various risks in their business and make themselves more resilient. When they set out on their ERM journey, they can demonstrate good governance to their internal and external stakeholders, which goes a long way towards enhancing their value.