Risky Business
by Karen Stern
Risk is everywhere, as evidenced by recent headlines about employee fraud and cybersecurity. Not understanding your risks can result in products failing, unreasonable revenue goals and an increase in uninformed risk taking. Putting an enterprise risk management (ERM) program in place can help identify and assess the potential impact certain risks can have on you and your company.
Here are eight key steps to build a successful ERM program:
1. Ask questions. Ask your employees and your management team what they perceive to be your risks; map them to get an overview of the full spectrum of risks.
2. Determine your ERM maturity. Determine how mature your company is in terms of managing the risks identified in step 1.
3. Project-plan. Set short- and long-term objectives and align them with your overall business mission and values.
4. Perform a risk assessment. Identify internal and external risks and determine whether they are risks or opportunities. Analyze these risks by considering the likelihood and impact of each risk and determining how you should manage them.
5. Determine the risk responses. Based on your risk appetite, select risk responses, which can include avoiding, accepting, reducing and sharing risk.
6. Design the control activities. Based on the risk response, determine the appropriate internal controls and the policies and procedures you need to implement to help ensure the risk responses are effectively carried out.
7. Inform and communicate. Identify, capture and communicate appropriate information in a uniform and timely manner so employees can carry out their responsibilities.
8. Monitor. Continuous monitoring of your environment and achievement of objectives are integral.
Putting these steps in place and continuously updating your ERM program can help you manage your business and align your strategies and their underlying risks with your business objectives.
Karen Stern (314-983-1204 or kstern@bswllc.com) is partner in charge of BSW Small Business Services, which provides small business tax and accounting services.