!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> Streamline Training & Documentation: Risk Management Best Practices

Wednesday, January 14, 2009

Risk Management Best Practices

Among the most experienced practictioners, and now consultants, in the area of enterprise risk management (ERM) is James Lam. Based on his experience, Lam offers this summary (ppt) of the "hallmarks of ERM best practices":
  • An engaged senior management team and governing board that provide organizational support and resources.

  • ERM set up as an independent function under the leadership of a Chief Risk Officer who reports to the CEO, with dotted line reporting to the governing board.

  • A top-down governance structure, with risk committees at all levels, reinforced by internal and external audits.

  • An established analytical framework that incorporates strategic, business, operational, market, and credit risks, along with hazard risks.

  • A "risk aware" culture fostered by a common language, training, and education, as well as risk-adjusted measures of success and appropriate incentives.

  • Written policies with specific risk limits and business boundaries that collectively represent the risk appetitie of the organization.

  • An adopted reporting capability that integrates key quantitative risk metrics and qualitative risk assessments.

  • Robust risk analytics to measure risk concentrations and interdependencies.

  • Integration of ERM into strategic planning, business processes, and performance measurement activities.

  • Optimization of the organization's risk-adjusted strategic initiatives along an efficient frontier.
For more detail concerning Lam's views on best practices in developing key risk indicators (KRIs) and ERM reporting, see his 2006 white paper.

[Previous posts dealing with enterprise risk management are here, here, here, here, and here.]