We're sorry but your browser is not supported by Marsh.com

For the best experience, please upgrade to a supported browser:



Enterprise Risk Management Risk Assessment

Marsh Advisory's enterprise risk management assessment process can help organizations quickly understand and prioritize critical, enterprise-wide risks and develop plans to maximize as well as mitigate and manage risk.

Who It's For

Any size organization in any industry, anywhere in the world, especially those with:

  • Significant change to the business model.
  • No clearly defined risk management practices.
  • Over-reliance on a limited number of vendors or customers.
  • Key leadership change.
  • A reputational crisis or serious business failure.
  • A compliance or governance issue.

What You Get

  • Identification and ranking of your key business risks.
  • A review of the current controls intended to manage these risks.
  • Detailed action plans for closing risk management gaps.
  • An enhanced ability to develop and execute effective, corporate-level risk management strategies.

Service Highlights

Our enterprise risk management assessment process is based on the time-tested and rigorous Delphi method for reaching consensus among experts in areas where empirical data is limited. Marsh Advisory uses a multi-step process involving focused interviews and a facilitated workshop with top decision makers. We leverage the expertise of Marsh’s industry, brokerage, and advisory professionals to provide scalable, flexible, and dynamic risk assessments designed to integrate risk into corporate-level decision making. By assisting your strategic planning, budgeting, auditing, and corporate governance efforts, along with other organization-wide processes, our enterprise risk management assessment can help your organization:

  • Reduce and more effectively manage operating costs.
  • Protect earnings, revenue streams, and key relationships.
  • Enhance the integrity and transparency of business operations.
  • Align operations with stakeholder expectations.

The efficiency and effectiveness of the process allows you to generate consensus on crucial risks and the associated management controls so that you can navigate through tough times and remain competitive in the short and long term. The risk assessment process can be embedded into existing business processes, becoming an ongoing, consistent method of risk identification.

The steps in the process described below are proven to deliver highly valuable results in a relatively short time period.

Due Diligence and Data Collection

During this first phase of the enterprise risk management assessment process, we analyze your business activities and objectives as well as challenges to growth and profitability.

Context-Setting Interviews

Through a series of meetings with top organizational decision makers, critical risks and related information are established, existing risk management practices are reviewed, and risk evaluation criteria are set. The evaluation of existing risk management practices looks at:

  • The framework for managing risk.
  • Your risk management culture.
  • Processes for anticipating risks related to change.
  • The adequacy of technical information to support risk-based decisions.
  • Whether there is a systematic approach to controlling risk.

Facilitated Workshop

A facilitated workshop is then conducted with your leadership team and key personnel to evaluate a customized inventory of risks populated across various categories of risk. Each risk scenario/event is evaluated and rated based on input by your leadership team. Voting software is used to support additional risk review.

Analysis and Report Development

With the information gathered in the previous steps, our professionals prepare a report, incorporating easy-to-understand graphical depictions of risk information, that includes:

  • A ranked inventory of risks facing your organization, according to likelihood of occurrence and severity of impact.
  • A graphical summary, or risk/heat map, that provides an overview of your risk profile and serves as a robust communication tool with key stakeholders.
  • An action plan to:
    • Improve existing risk management practices.
    • Close gaps in risk management effectiveness.
    • Develop a risk communication strategy for key stakeholders.
    • Embed the risk assessment process into the organization.

Report Delivery and Recommendation

We also provide a final report as well and a presentation to your leadership team and/or board of directors. The presentation reviews the enterprise risk management assessment process, key findings, recommendations, and next steps.