Going About Enterprise-Wise Risk Management
Overview of the Hand Guide in a University Context
Expectations
Expectations
Expectations
The Risk Management Team of a typical University is providing Risk Management Services to
its clients!
There is a sequence in which to design a Risk Management Framework and resource up to implement it.
This gives rise to some primary Elements that are combined to give effective results for managing risks. The
Risk Framework will be compromised if any of these Elements are not thoroughly developed.
The Enterprise-Wise Risk management Hand Guide authored by Ian Abrahams, Principal Risk Management
Consultant, gives you a Roadmap to have a very good staff-wide experience in embracing Risk Management.
There is no substitute for your Risk Management Framework being the key plank of having the right
approach to an enterprise-wide take up of
Risk Management.
The starting point is to examine the Risk
Standards and other well recognized
frameworks to define the risk
methodology that is best suited to you.
Next is to set up the Risk Function that
manages the Risk Framework. The Risk
Function qualifies the performance
measures that are suitable for Risk
Management and demonstrate that any
investments to reduce risks are justified.
The above allows you to establish the Risk Management Process, starting in a more simple way and adding
more sophistication over time. The Risk Process is extended to cater for different Risk Programs that come
under the Framework, such as Compliance and BCM.
Risks are categorized to cover the various types of Faculties / Schools or Corporate Functions that you are
involved in, ensuring that Risks can be analyzed according to different Risk Types. Risks in turn require to be
communicated across different operational boundaries, and by implication good interfaces are established
to ensure Risks are managed.
This leads to training to give staff the capability to utilize Risk Management together with any tools and
techniques that give efficiencies. The Risk Process is embedded to support successful outcomes in
Corporate Objectives and Strategic Plans.
Document1
Page 1
Framework Elements
Leverage well proven industry guidelines that define industry best practices to:
Standards and Codes
of Practice
Organisation and
Governance
Performance
Management
 Develop your own methodology
 Protect management and staff to make informed decisions where risks are
taken to achieve the level of success aimed for
 Define the organisation structure to perform the Risk Function
 Define roles, accountabilities and decision rights to support the managing
of risks
 Define suitable performance standards for Risk Management
 Monitor performance and have a plan to improve
 Link to Corporate Objectives to demonstrate benefits and to embed Risk
Management into existing business processes to foster risk awareness
Risk Management
Processes
 The Risk Process defines the logical order in which Risks are identified,
assessed, analyzed and managed, as well as treated where the level of risk
needs to be modified, in a consistent way
 Treatment includes developing action plans to improve the control
environment
The Risk Process becomes the barometer that Risk Maturity can be measured by.
Initially the data captured in the Risk Process is kept smaller and simple, over time
more sophistication is added as suits your needs.
If the fore-thought is not given upfront where you want to be in several years’ time,
Risk Management will fail to deliver the value it promises.
Document1
Page 2
 Contributes to embedding Risk
Communication &
Consultation
 Ensure communication and the understandings to support the
accountability of managing risks
 Build alignment of Risk Management between different business functions,
ensuring coordination of Risk Management and avoiding duplication of
efforts
'If you don't read the newspaper, you are
uninformed; if you do read the newspaper
you are misinformed.'
Mark Twain
Having a good Framework, and see your Risk
Report, you are informed
ISO31000
 Build risk management knowledge and capabilities
Training & Education
 Reinforce Risk Management and its application, using suitable forums such
as in-house seminars and publicising wins delivered in operational work
Training techniques assists staff embrace Risk Management.
Rather proactively
minimise the
Consequences.
Risk Management
Tools & Techniques
Than deal with the
actual Consequences.
 Using the right tools to support Risk Management is essential to staff
working productively with greater effectiveness
 Tools (technology) and techniques (methodologies) assist to embed Risk
Management in day to day functions
Expectations
Expectations
Meet & Exceed
Expectations
Expectations have become elevated: expectations for quicker response times, expectations for dynamic
data interchange, expectations for preventive action rather than reaction.
Document1
Page 3
Key Results from a Well-Designed Enterprise Risk Management Framework
Establishing an Enterprise Risk Management Framework to address the successful achievement of
corporate objectives and strategic plans has become more and more of an imperative. This Handout
outlines the key Elements involved in having a well-designed Enterprise Risk Management Framework that
at its core is robust, guiding your organisation to effectively address and manage its risk landscape.
 A solid core Framework enables an organisation to institute risk treatment and control measures that
align with tactical and strategic goals.
 Furthermore, a robust core structure will incorporate the appropriate degree of flexibility to evolve
with the organisation’s changing needs and harness the increasing sophistication of risk-relevant
knowledge acquired over time.
 A good Framework also has value in promoting cross-functional dialogue and data sharing. Staff in
different parts of the University could be working on a sub-set of risk management data and might not
be aware that some of their inputs affect other areas.
Critical Considerations
 Risks to an organisation arise from many different areas and similar risks arise and affect different
functional areas in varying ways. Thus, an effective core Framework needs to incorporate input from
the different functional areas in the organisation and allow for different interpretations of the same
risks to enhance the organisation’s control and treatment options.
 The successful development of an effective Framework requires continuity and commitment, which is
best accomplished through collaborative communication with key stakeholders. Collaboration
through directed communication is a cornerstone of the Framework outlined in this handout.
 As a Framework develops over some years there should be increasing accuracy in the identification
and quantification of risks and their consequences so that the focus can move from treatment and
control to mitigation and prevention.
 An important tangible output of an effective Framework is the ability to meet (and even exceed)
reporting responsibilities, both internal and external, for tactical planning, strategic resource
allocation, compliance constraints and regulatory requirements.
How do we translate these responsibilities and considerations to the Risk Management Framework?
The Hand Guide authored by Ian Abrahams, Principal Risk Management Consultant with some 20 years’
experience in Risk Management and its wider Enterprise applications, brings a wealth of practical and
relevant techniques, tips and procedures that add value to your Framework and ERM implementation.
In fact the Hand Guide Enterprise-Wise Risk Management will fill in gaps and trap out some of the hidden
pitfalls that you would otherwise encounter, making your Risk Management experience richer, wellreceived and value for money.
To find out more
information
Document1
http://www.corprofit.com/enterprise-wise-rm-hand-guide/
Page 4