Resources

Starting you on the right path.

Building an Effective Enterprise Risk Management Program

Do you know what Enterprise Risk Management (ERM) is? Does your company need to establish or implement an ERM program? Do you know what the COSO framework is? If you answered NO to any of these questions, we can help your organization identify and mitigate risks that could impact your profitability.

ERM is the process of identifying and analyzing relevant risk from an integrated, company-wide perspective. The concept is designed to identify potential events that may prevent your firm from achieving its operational, financial, and compliance objectives.

A diverse group of professionals collaborating in a modern office space, engaging in a productive team discussion to align project goals and ideas. Bright setting emphasizes team cooperation and innovative workplace spirit.

Happy diverse couple reached a successful deal with their insurance agent during a meeting in the office. Focus is on Chinese woman. Photographed in medium format.

Using Our Services, We Will Help Your Organization Answer the Following Critical Questions:

Do you have clarity about those risks that will affect your company’s future performance and provide deep insight into the risks that matter most?
Do you understand which risks your company is competitively advantaged to fully address, and which you should seek to transfer or mitigate?
Are business decisions made with a clear view of the impact to your company’s risk profile and are core business processes consistent with your approach to risk?
Are there adequate Information Technology systems and infrastructure in place for you to monitor and manage risks that are being taken within your organization?

F.I.R.M. Consulting Services has the approach to meet your company’s needs. Our approach will balance risk, consequences, time and cost regardless of the scope of engagement your company chooses. Our assessment will contain three major risk categories:

Risk Identification and Assessment

We will work with your company to identify risks across your firm that threatens your mission. We will measure the intensity of the elements that drive each risk and assess your firm’s exposure to these elements.

Risk Tolerance and Analysis

We will then work with your organization to define the level of risk your organization can tolerate. Keeping in mind that risk, when managed can lead to opportunity.

Compliance and Business Practices

We will work with your company to make sure you are industry compliant. We will use the ERM framework provided by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). We will also use benchmarks, controls and industry best practices in use at similar organizations to your company. This will provide you with a risk profile comparison of your practices to similar entities.

ERM - Where to Start?

ERM can affect many areas within organizations. Consider the following for evaluation and appropriate mitigation.

Operations Risks

Strategic – Risk to achieving the organization’s mission, arising from poor business decisions or improper implementation of Strategic goals
Cycle Time – Failure to deliver goods/services in a timely manner
Productivity – Inefficient processes lead to member/customer dissatisfaction
Product Development – Failure to develop products/services that customers need or want; and inadequate pricing
Continuity – Failure to maintain critical business operations
Resource/Human Capital – Failure to provide adequate resources – both people and capital
Capacity – Failure to fully utilize resources – people and plant capacity
Performance – Failure to perform because of inferior practices and/or products/services
Organizational Structure – Organization is not appropriately structured to ensure achievement of corporate goals and objectives
Quality – Failure to utilize high quality resources in producing goods or services
Succession – Inadequate, comprehensive succession plan for key management positions within the organization

Business Environment Risks

Competition – Inability for the organization to compete with its closest peers or competitors
Legal/Regulatory – Inability for the company to comply with all applicable laws and regulations
Compliance – Non-compliance with applicable laws, rules and regulations; litigations, tax which could lead to unnecessary litigation, penalties and fines
Customer Preference – Failure to maintain and/or predict customer preferences for goods and services
Investor Confidence – Failure to establish or maintain investor confidence affecting the company’s ability to raise capital
Resource Availability – Shortage of funds and resources needed for investment, growth or other business opportunities
Political – Risk that an organization’s assets may be seized or manipulated by a foreign government

Integrity/Reputation Risks

Empowerment Risks

Authority/Limitation – Failure by Executive management and BOD to establish appropriate authority or establish not-to-exceed authority and/or limits for approving or initiating transactions
Management/Employee Fraud – Inability to detect/prevent employees from perpetrating fraud against the company or utilize company assets in unauthorized situations
Illegal Acts – Employees fail to comply with laws, regulations and organization standards concerning illegal acts, payments and undesirable behavior

Market Risks

Currency – Exposure related to volatility in exchange rates for transactions and conversion
Liquidity – Organization’s inability to liquidate assets quickly and with minimal loss in value, to meet its obligations
Growth – Failure to achieve revenue growth, revenue constraints, and ineffective management of concentration risks etc
Reserve Preservation – Failure to preserve sufficient reserves for future growth of company
Interest Rate/Market – Failure to react appropriately to volatility in the current market, increased risk from limited diversification, and sensitivity to price and interest rate changes

Information Technology Risks

Secure data symbol in digital environment

Are You in Need of External Penetration Testing (EPT) or Internal Vulnerability Assessment (IVA)?

Ask your IT Team and 3rd party IT Support vendors if they can answer the following questions with certainty and relative confidence:

1 Is your organization vulnerable to an Internet attack?
2 How do you prevent a hacker from breaking/infiltrating your network?
3 What does your company do to prevent a hacker attack /network breach?
4 How robust/hardened is your network security?
5 When was your company’s last EPT and/or IVA conducted? What were the results?
6 Are your risk mitigation plans adequate?

If you cannot answer these questions confidently, your credit union could benefit from a network security assessment.