This is an update pertaining to changes that are happening in the Enterprise Risk Management (ERM – note: GRC or Governance, Risk and Compliance is a common synonym) system. Origami Risk is providing enhancements in response to client and prospect requests, as well as some major evolution in ERM as it is perceived by many of the stakeholders.
What is driving change and interest in ERM?
Two key changes in 2017 are:
COSO ERM 2017 Revision: Published mid October, this update is primarily aimed at Internal Auditors, however, because of their often strong position at very high levels in many organizations, this framework is often better known than ISO 31000, especially, but not exclusively in USA. This update makes a much clearer connection between Objectives of an organization and the risks and their related controls.
ISO 31000 2017 revision: Due to be published early 2018, this ERM framework has been extensively adopted globally and provides a realistic approach to the way any form of organization manages risks.
These two prime drivers of ERM are now more closely aligned.
What can you expect?
What is driving change and interest in ERM?
Two key changes in 2017 are:
COSO ERM 2017 Revision: Published mid October, this update is primarily aimed at Internal Auditors, however, because of their often strong position at very high levels in many organizations, this framework is often better known than ISO 31000, especially, but not exclusively in USA. This update makes a much clearer connection between Objectives of an organization and the risks and their related controls.
ISO 31000 2017 revision: Due to be published early 2018, this ERM framework has been extensively adopted globally and provides a realistic approach to the way any form of organization manages risks.
These two prime drivers of ERM are now more closely aligned.
What can you expect?
CFOs, Chief Audit Officers, Risk managers, Board members, Investors, Lawyers (internal and external) – all can be expected to be seeing a major increase in discussions and questions on how their organization is managing risk (or how a target company is handling risks). It will therefore be necessary to have an understanding of what the current state of ERM is in your organization, and what changes are planned to conform with these frameworks.
Readers can also expect some deep questioning on how they can prove they have taken all appropriate steps to ensure their objectives have been achieved or are still achievable in a risky environment.