At RSM, we believe that unless the board and management fully understand the level of risk that the organisation is willing and able to take in pursuit of value creation, it will be difficult for the board to effectively fulfil its risk oversight role.
Enterprise risk management (ERM) is not static, but rather a continuous process. Through our extensive experience and the desire to assist our clients in achieving success, RSM can set the grounding for effective ERM within your organisation.
Several formal ERM frameworks are available today (such as COSO ERM and the principles of ISO 31000) which we are very familiar with. However, not all organisations are the same and therefore a 'one-size-fits all' solution to risk management does not exist.
Your organisation may operate:
- in complex financial markets
- with unique products and services
- in diverse technologies
- with complex business processes
- with simple business processes
Our team of ERM professionals work with your organisation to develop and embed an integrated framework customised to your business and risk appetite. This is implemented in five stages:
- risk framework development
- risk assessment and prioritisation
- identification and effectiveness of existing controls
- risk treatment and strategies
- risk validation and monitoring
For companies with existing frameworks in place, we also provide certain ERM services in isolation that include:
- risk assessments and workshops (combined top-down and bottom-up approach)
- evaluation of risk management frameworks assessing against best practice
- development of enterprise risk appetite statements and its communication throughout your organisation
- risk maturity and cultural assessments
- evaluation of risk reporting
- assessment, design and implementation of strategic risk register
- risk management software systems
- ERM training