BI’s Article search uses Boolean search capabilities. If you are not familiar with these principles, here are some quick tips.

To search specifically for more than one word, put the search term in quotation marks. For example, “workers compensation”. This will limit your search to that combination of words.

To search for a combination of terms, use quotations and the & symbol. For example, “hurricane” & “loss”.

Login Register Subscribe

Risk assessment processes enhance ERM implementation


When trying to implement an enterprise risk management program, organizations often try to take a traditional approach, said James W. DeLoach, managing director of consultant Protiviti Inc. in Houston.

This includes creating risk maps, plotting exposures based on severity and likelihood of occurrence.

But, he said, “We point out that shuffling known knowns around on a risk map does not add a lot of value in the C-suite or the board room. Neither does focusing on minutiae.”

Instead, Protiviti typically makes two suggestions to its clients, Mr. DeLoach said: Focus on risks through a risk assessment process based on sound principles—looking at risks in terms of the “velocity” of their impact, the persistence of their effects, and the organization's readiness to deal with the risk, among other things—and be sure to involve all stakeholders.

In assessing an organization's risks, periodically revisit changes in the corporate environment and whether changes in the business environment are undermining critical elements of the organization's strategy, Mr. DeLoach said. “Pay attention to the strategic uncertainties. Pay attention when critical assumptions of the business strategy become invalid.”

Organizations also should consider conducting an end-to-end assessment of the value chain, he said. “Organizations are now boundary-less,” and companies trying to assess enterprisewide exposures must look at risks involving their suppliers and at risks associated with their consumers.

They also must make sure the risk assessment process “provides insight, promotes debate and adds to the body of knowledge.” And, an organization should conduct regular post-mortems of past risk assessments to see how well they performed.