Steps in the Enterprise Risk Management (ERM) Process

Identify Risks
The first step in the ERM process is to identify the potential risks (and opportunities) that may affect the organization’s objectives. This step involves recognizing internal and external risks that may arise from various sources such as operations, financial, regulatory, legal, reputational and strategic risks. Identifying new risks is key to managing what is on the horizon.

A graphic showing the typical steps involved in the ERM process.

Assess Risks
After the risks have been identified, the next step is to assess their likelihood and potential impact on the organization’s objectives. This step involves analyzing the risks in terms of their probability of occurrence, their potential impact, the speed (or velocity) at which the risk might affect the organization and the adequacy of the organization’s current controls to mitigate those risks.

Prioritize Risks
Based on the risk assessment, the next step is to prioritize the risks based on their level of importance to the organization’s objectives. This step involves determining which risks require immediate attention and which risks can be managed over the long term.

Develop Risk Mitigation Strategies
After the risks have been prioritized, the next step is to develop risk management strategies that align with the organization’s objectives. This step involves developing a risk management plan that outlines how the organization will mitigate, avoid, transfer or accept each risk.

Implement Risk Mitigation Strategies
The next step is to implement the risk mitigation strategies identified in the previous step. This step involves putting in place the necessary processes, policies and procedures to manage the risks identified.

Report, Monitor and Review
The final step in the ERM process is to report, monitor and review the effectiveness of the risk management strategies implemented. This step involves continuously monitoring the risks, evaluating the effectiveness of the risk management strategies, adjusting the strategies as necessary and reporting the results in a timely manner so that they are useful in strategic planning.