Enterprise Risk Management (ERM) has evolved considerably since the seventies. From simply ‘buying’ insurance, it has grown in importance to become a prime function in many organizations. It is now part of a larger system known as Governance, Risk and Compliance (GRC), which starts with corporate governance and ends with compliance. ERM is the function of studying the risks that may hinder a corporation’s ability to achieve its goals and then deciding how to overcome those risks.
Several organizations have studied risk management, including ISO, which issued ISO 31000 on the subject. However, the most widely accepted ERM framework is the one designed by ‘COSO’. This framework, which is the one covered in this course, teaches the steps needed to control risk. It starts with the evaluation of the internal environment and the setting of objectives, which are mainly a result of the tone at the top of the organization, the directives from corporate governance, and the vision, mission and corporate strategies.
The course then goes through the steps management needs to take in order to identify and assess risk and decide on appropriate risk responses and controls. It ends with how to monitor, communicate and report risk. In addition, the course looks at risk in different organizational areas, such as strategic, reporting, compliance, operational, financial or physical risk, as well as risk in different industries.