Enterprise Risk Management (ERM) is a process effected by an entity’s board of directors, management and other personnel. It is applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity and help manage risks to be within its risk appetite and to provide reasonable assurance regarding the achievement of entity objectives. Source: The Committee of Sponsoring Organizations of the Treadway Commission (COSO)
Why ERM…
Effective risk management is fundamental to the prudent management of an insurer. The Risk Management and Internal Controls for Insurers (GOI 3) standard requires insurers to have a board-approved enterprise-wide risk management system. In addition, the King Code on Corporate Governance, King IV™, suggests that the organisation should assume responsibility for the governance of risk and that actions should be taken to monitor the effectiveness of risk management and how outcomes are addressed. Insurance companies should therefore develop and maintain a risk assurance programme to ensure risks are managed in such a way that the interests of all stakeholders are protected. Since risk is the effect of uncertainty on the achievement of the organisation’s objectives, enterprise risk management is a process to effectively and proactively identify, assess, quantify, and mitigate such risks, providing the organisation with reasonable assurance that its objectives will be met through consideration of both the positive and negative effects of the risk.