Streamline Training & Documentation: What Employees Need to Know about Risk Management

Tuesday, January 13, 2009

What Employees Need to Know about Risk Management

To round out my last two posts' discussion of the Protiviti FAQ for enterprise risk management (ERM), I want to cite Protiviti's take on what employees should learn about their company's risk management policies and procedures. Protiviti recommends that employee ERM learning emphasize:
  • The company's risk management vision, goals, objectives and policies.

  • The company's common language and other enabling frameworks.

  • The company's processes for identifying and sourcing risk and the methods and tools supporting those processes, including how those processes compare to the COSO Enterprise Risk Management - Integrated Framework. (COSO is the Committee of Sponsoring Organizations of the Treadway Commission. "Sourcing Risk" means figuring out what, at a fundamental level, gives rise to a particular risk.)

  • The self-assessment processes in place and how they are integrated with day-to-day business activities.

  • The risk measurement methodologies selected by the company and how they are used.

  • The company's priority risks and the enterprise-wide risk assessment process for keeping the risk profile up to date.

  • The elements of ERM infrastructure and their importance and contribution in building and improving risk management capabilities.

  • The process by which gaps in risk management capabilities are determined.

  • How to participate in established communications channels to enable the flow of risk management information within the company.

  • The company's commitment to continuous improvement and what it means to risk management, to the company's operating units, and to the individual employee.

In a recent global survey conducted by the Professional Risk Managers' International Association (PRMIA), training and top-down support were cited as the most critical factors for a successful ERM program.