by Imran Adwani, Head of Internal Audit, Abdulla Bin Zayed Investment Group
Embedding ERM requires risks to be integrated with the business at all levels. So implementing ERM requires total commitment by management, as well as recognition by the board of its responsibility.
Establish business objectives considering all stakeholders’ needs and risk appetite.
Follow the appropriate risk management framework (like the COSO ERM Framework) to embed ERM in the organization.
Think broadly and examine carefully events that may affect the organization’s objectives.
Assess risks affecting the business objectives both positively and negatively.
Develop risk mitigation/exploitation plans and assign responsibilities.
Maintain the flexibility to respond to new or unanticipated risks.
Use metrics to monitor the effectiveness of the risk management process.
Communicate the risks identified as critical to the appropriate authority within the organization.