Enterprise Risk Management Consulting Services
Enterprise risk management (ERM) is a structured, consistent, and continuous risk management process applied across an entire organization that allows companies to better understand and address material risks. Corporate boards, ratings agencies, and regulatory bodies are among the key drivers for advancing ERM. The implementation of ERM can facilitate better capital resource allocation decisions, increase operational efficiency, and enhance a company’s risk control efforts to support critical strategic, compliance, and governance initiatives. Marsh Risk Consulting (MRC) can help your organization apply an integrated approach to identifying and assessing business-critical risks, evaluating existing risk management infrastructure elements, and constructing continuous, in-depth ERM processes.
MRC’s ERM specialists analyze risk from an integrated perspective, exploring risk relationships within your organization to create a more sophisticated understanding of your company’s material risks. Whether your company is just beginning the ERM journey or has an established framework in place, MRC can assist you in your ERM efforts.
Who It's For
Any publicly traded or privately held organization:
- In a highly regulated industry.
- Seeking to better understand and mitigate the risks it faces across the entire organization.
- Wanting to benchmark and improve existing risk management arrangements.
- Looking to coordinate and formalize its risk management efforts across the enterprise.
What You Get
- A proven process to help you identify and assess material risks, develop specific mitigation strategies, and assess enterprise-wide technology platforms for ongoing monitoring and reporting.
- The ability to create a holistic, enterprise-wide risk aware culture, drawing upon MRC’s expertise in industry issues, risk analysis, analytics, organizational change, and risk technology.
Identification, Assessment, Analysis, and Prioritization
Current State/Gap Analysis
When considering the steps necessary to implement an ERM framework, it is useful to first identify and compare your organization’s existing capabilities relative to what capabilities management would like to have in place. MRC provides a current state assessment, as well as a gap analysis against best practice and a benchmarking report.
Risk Identification and Assessment
Risk identification and assessment is a critical framework component. We take a structured approach to assess risks specific to your organization. This includes the collection, identification, categorization, prioritization, and mapping of risks to align with your organization’s business objectives and strategy. The result is a strategic organizational risk map.
Risk analysis enables you to better understand the impact risk has on your organization and your business objectives. MRC takes a disciplined approach to understanding your risk appetite and developing tolerance thresholds; modeling risks and their variance; providing an analysis of the projected impact of mitigation strategies; assisting you in determining optimal capital allocation; and considering the upside of risk to your business.
A systematic ERM approach calls for the analysis of possible actions taken with respect to each risk—accepting it, managing it, or exploiting it. Moreover, these options typically necessitate an implementation plan. MRC offers an evaluation of risk treatment options including the projected costs and benefits; identification of risk ownership; the recommendation of tailored solutions appropriate to your business and objectives; and the implementation of risk mitigation strategies.
Managing risk across the enterprise requires coordination. The information produced by the various businesses and risk management functions in the risk assessment and analysis phases must be disseminated so that the right people are given the right information at the right time to make informed business decisions. MRC can help you determine the appropriate needs of your business, its management, and key constituents, and assists in the design of meaningful communication processes and materials.
Our comprehensive approach addresses the needs of board members, senior managers, risk managers, and other internal and external stakeholders.
In an effort to sustain risk monitoring and to make risk reporting more efficient, many organizations are turning to technology to support their ERM framework. MRC works with you to establish principal business requirements; recommends technology solutions; assists you in the development and implementation of a technology infrastructure; and evaluates various software applications.
Framework Design, Implementation, and Reporting
Instilling a risk-based culture is crucial to realizing the on-going benefits from ERM. MRC works with you to enhance existing processes or create new ones. Activities can include building communication protocols based on a “common language” for discussing risk; enhancing risk governance frameworks; and integrating risk management activity into your control and compliance framework, strategic planning, and business processes. As a follow-up to these activities, we provide you with an implementation roadmap to assist with organizational change.