ENTERPRISE RISK MANAGEMENT (ERM)

Get Complete Project Material File(s) Now! »

Risk management

Risk management, loosely defined, is the art and science of managing risks (Valsamakis et al., 2010:2). The Institute of Internal Auditors (IIA) defines risk management as a process to identify, assess, manage and control potential events or situations to provide reasonable assurance regarding the achievement of the objectives of the organisation (IIA, 2004:55). The definitions connote that risk management is a systematic effort important for the achievement of organisational objectives. A good risk management programme therefore is consistent with the existence of any organisation as it entails the achievement of risk-to-return trade-offs (Valsamakis et al., 2010:7). Most codes of corporate governance, boards and committees, including the Committee of Sponsoring Organisations of the Treadway Commission (COSO) (2004), the Organisation for Economic Co-operation and Development (OECD), Basel III, Solvency II and the King IV Report on Governance, emphasise that risk management is indispensable. Nonetheless, traditional risk management alone appears to leave out some important aspects, which led to th development of ERM defined in the following section.

ERM is a rigorous and coordinated approach to assessing risks and responding to all risks that affect the achievement of the strategic and financial objectives of an organisation (Alviunessen & Jankensgard, 2009). COSO, in their ERM-integrated framework, expansively defines ERM as a process effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite and to provide reasonable assurance regarding the achievement of entity objectives (COSO, 2004:4). This comprehensive and broad definition establishes ERM as a process (and not a one-off event), which involves the whole organisation – people at every level. Evidently, through ERM, entities are empowered to identify risks and to formulate risk management strategies, which provide reasonable assurance to the entity’s management and board of directors that the objectives of the organisation will be met.
Eight components of ERM as elucidated by COSO (2004) formed the foundation of this thesis, namely internal environment, objective setting, event identification, risk assessment, risk response, control activities, information and communication, and monitoring. The ERM framework is made to achieve an entity’s objectives, namely strategic, operational, reporting and compliance objectives.
Many organisations have adopted ERM due to a combination of factors, such as pressure from corporate governance bodies and regulatory institutional demands (Alviunessen & Jankensgard, 2009:12). There are also additional factors such as globalisation, industry consolidation, regulation and technological progress (Hoyt & Liebenberg, 2011:797). Several researchers have furthermore substantiated the conclusion that adoption of ERM leads to shareholder wealth maximisation (Alviunessen & Jankensgard, 2009:13).

READ STRATEGIC ROLE OF SCM IN A BUSINESS ORGANISATION

ERM maturity levels

Since ERM is not an event but a process, it is anticipated that organisations differ in maturity level of its application. It is expected that an organisation might be advanced in some of the eight components of ERM but not in others. Ciorciari and Blattner (2008:8) emphasise that weakness in one component could cripple the whole organisation. The current study wanted to prepare an ERMMF that would be used to assess maturity levels of the insurance industry in Botswana. The components that were employed were described by COSO (2004) and are reflected in the paragraphs that follow.

Internal environment

The internal environment encompasses the tone of an organisation, and sets the basis of how risk is viewed and addressed by the personnel of the entity, including risk management philosophy and risk appetite, integrity and ethical values, and the environment in which they operate.

CHAPTER ONE: INTRODUCTION
1.1 Background of the study
1.2 Brief overview of existing literature
1.3 Statement of the Problem
1.4 Objectives of the study
1.5 Research questions
1.6 Conceptual framework of the research process
1.7 Research methodology
1.8 Scope and demarcation of the study
1.9 Significance of the study
1.10 Assumptions
1.11 Ethical considerations
1.12 Division of Chapters
CHAPTER TWO: RISK MANAGEMENT
2.1 Introduction
2.2 Conceptual framework of the research process
2.3 An introduction to risk management
2.4 Definition of Risk
2.5 Types of risk
2.6 Risk management
CHAPTER THREE : ENTERPRISE RISK MANAGEMENT (ERM)
3.1.1 ERM Definition
3.2 ERM-related standards and frameworks
3.3 Comparing and Contrasting risk management frameworks
3.4 Overview of Risk maturity models
3.5 Comments on risk models
3.6 Risk Maturity Models for Southern Africa
3.7 ERM maturity Scales
3.8 Limitations of existing models
CHAPTER FOUR: INSURANCE PERSPECTIVE OF RISK MANAGEMENT
4.1 Introduction
4.2 Role of insurance industry in the economy
4.3 Insurance core principles
4.4 Insurance Industry and Risk Management
4.5 Contextual Definition of Insurance industry
4.6 Risk faced by the insurance industry
4.7 Risk Management for Insurance sector
4.8 Audit and Compliance roles in risk management
4.9 Challenges faced by the insurance industry in implementing Enterprise Risk Management
4.10 A perspective of the insurance sector in Botswana
4.11 ERM and the insurance industry
4.12 Risk Management by life insurers, non-life insurers, reinsurers and brokers
4.13 Empirical studies
4.14 Conclusion
CHAPTER FIVE: A PROPOSED ENTERPRISE RISK MANAGEMENT MATURITY FRAMEWORK (ERMMF
CHAPTER SIX: RESEARCH METHODOLOGY
CHAPTER SEVEN: PRESENTATION AND DISCUSSION OF THE RESULTS
CHAPTER EIGHT: SUMMARIES, CONCLUSIONS AND COMMENDATIONS