Steps in the Enterprise Risk Management (ERM) Process

Identify Risks
The first step in the ERM process is to identify the potential risks (and opportunities) that could affect the organization's objectives. This step involves identifying internal and external risks that may arise from a variety of sources, such as operational, financial, regulatory, legal, reputational and strategic risks. Identifying new risks is key to managing what is on the horizon.

A graphic showing the typical steps involved in the ERM process.

Assess Risks
After identifying the risks, the next step is to assess their likelihood and potential impact on the organization's objectives. This step involves analyzing the risks in terms of their probability of occurrence, potential impact, the speed (or velocity) at which a risk could affect the organization, and the adequacy of the organization's current controls to mitigate those risks.

Prioritize Risks
Based on the risk assessment, the next step is to prioritize the risks according to their significance to the organization's objectives. This step involves determining which risks require immediate attention and which can be managed over the longer term.

Develop Risk Mitigation Strategies
After prioritizing the risks, the next step is to develop risk mitigation strategies that are aligned with the organization's objectives. This step involves developing a risk management plan that outlines how the organization will mitigate, avoid, transfer or accept each risk.

Implement Risk Mitigation Strategies
The next step is to implement the risk mitigation strategies identified in the previous step. This step involves putting in place the necessary processes, policies and procedures to manage the risks identified.

Report, Monitor and Review
The final step in the ERM process is to report, monitor and review the effectiveness of the risk management strategies implemented. This step involves continuously monitoring the risks, evaluating the effectiveness of the risk management strategies, adjusting the strategies as needed, and reporting the results in a timely manner so that they can inform strategic planning.