Enterprise Risk Management
Union Assurance PLC
Establishing Context: An understanding of the current conditions in which the organization operates on an internal, external and risk management context. Identifying Risks: Documentation of the material threats to the organization’s achievement of its objectives and the representation of areas that the organization may exploit for competitive advantage. Analyzing/Quantifying Risks: Calibration and, if possible, creation of probability distributions of outcomes for each material risk. Integrating Risks: Aggregation of all risk distributions, reflecting correlations and portfolio effects, and the formulation of the results in terms of impact on the organization’s key performance metrics. Assessing/Prioritizing Risks: This includes the determination of the contribution of each risk to the aggregate risk profile, and appropriate prioritization. Treating/Exploiting Risks: Development of strategies for controlling and exploiting the various risks. Monitoring and Reviewing: Continual measurement and monitoring of the risk environment and the performance of the risk management strategies.