Recognizing the evolving nature of enterprise risk management (ERM) in recent years, COSO has released a new thought paper entitled ‘Risk Assessment in Practice’.

Authored by representatives from Deloitte, this thought paper provides leadership thinking on risk assessment approaches and techniques that have emerged as the most useful and sustainable for decision-making. It represents another in a series of papers published by COSO aimed at helping organizations move up the maturity curve in their ongoing development of a robust ERM program.

“Risk assessment is all about measuring and prioritizing risks so that risk levels are managed within defined tolerance thresholds without being over-controlled or forgoing desirable opportunities,” said Dr. Patchin Curtis, director, Deloitte & Touche LLP and co-author of the paper. “To accomplish this requires a risk assessment process that is practical, sustainable, easy to understand and right-sized for the enterprise.”

Risk Assessment in Practice presents a process that involves:

  • Developing risk assessment criteria,
  • Assessing risks,
  • Assessing risk interactions, and
  • Prioritizing risks.

It discusses how to put this process into practice in a simple, practical, and easy-to-understand way.

“ERM is a young discipline that is continuing to evolve,” said COSO Chairman David Landsittel. “This publication builds on COSO’s existing ERM guidance by helping executives build a more robust risk assessment process, and providing an understandable discussion that will assist board members in their oversight responsibilities.”