Question

Telecommunication Governance 1:

Note:Very Important to add at least 4 bibliographical sources

Explain in detail, illustrate examples and applications:

Fully explain the ERM Framework in the context of its four categories including the Internal Controls module.

Answer 1

Enterprise Risk Management Defined

Enterprise risk management deals with risks and opportunities affecting value creation or preservation, defined as follows:

Enterprise risk management is a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.

The definition reflects certain fundamental concepts. Enterprise risk management is:

• A process, ongoing and flowing through an entity

• Effected by people at every level of an organization

• Applied in strategy setting

• Applied across the enterprise, at every level and unit, and includes taking an entity level portfolio view of risk

• Designed to identify potential events that, if they occur, will affect the entity and to manage risk within its risk appetite

• Able to provide reasonable assurance to an entity’s management and board of directors

• Geared to achievement of objectives in one or more separate but overlapping categories

a. Strategic – high-level goals, aligned with and supporting its mission

b. Operations – effective and efficient use of its resources

c. Reporting – reliability of reporting

d. Compliance – compliance with applicable laws and regulations.

Encompasses Internal Control

Internal control is an integral part of enterprise risk management. This enterprise risk management framework encompasses internal control, forming a more robust conceptualization and tool for management. Internal Control – Integrated Framework has stood the test of time and is the basis for existing rules, regulations, and laws, that document remains in place as the definition of and framework for internal control. While only portions of the text of Internal Control – Integrated Framework are reproduced in this framework, the entirety of that framework is incorporated by reference into this one.

Application of ERM by implementing following steps:

STEP 1: Conduct an enterprise risk assessment (ERA) - Using the business strategy as a context, an ERA identifies and prioritizes the organization’s risks and provides quality inputs for purposes of formulating effective risk responses, including information about the current state of capabilities around managing the priority risks.Identifying gaps relating to the entity’s priority risks provides the basis for improving the specificity of the ERM value proposition.

STEP 2: Articulate the ERM vision and value proposition using gaps around the priority risks -

To illustrate:

1. Once the current state of capabilities is determined for each of the key risks in Step 1, the desired state is evaluated with the objective of identifying gaps and advancing the maturity of risk management capabilities to close those gaps. “Risk management capabilities” include the policies, processes, competencies, reports, methodologies and technology required to execute the organization’s risk response.
2. ERM infrastructure consists of the policies, processes, organizational structure and reporting in place to instill the appropriate oversight, control and discipline around continuously improving risk management capabilities. Examples of elements of ERM infrastructure include, among other things, an overall risk management policy, an enterprisewide risk assessment process, presence of risk management on the Board and CEO agenda, a chartered risk committee, clarity of risk management roles and responsibilities, dashboard and other risk reporting, and proprietary tools that portray a portfolio view of risk.

STEP 3: Advance the risk management capabilities of the organization for one or two priority risks

Examples include:

• Compliance with Sections 404 and 302 of the SarbanesOxley Act
• One or two priority financial or operational risks based on the enterprisewide risk assessment results (see Step 1), e.g., operational risk in a financial institution
• Regulatory compliance risks and/or governance reform issues
• Integration of ERM with the management processes that matter, e.g., strategic management, annual business planning, new product launch or channel expansion, quality initiatives, capital expenditure planning and performance measurement and assessment

STEP 4: Evaluate the existing ERM infrastructure capability and develop a strategy to advance it

ERM infrastructure facilitates three very important things with respect to ERM implementation. First, it establishes fact-based understanding about the enterprise’s risks and risk management capabilities. Second, it ensures there is ownership over the critical risks. Finally, it drives closure of unacceptable gaps. ERM infrastructure is not a one-size-fits-all. What works for one organization might not work for another. ERM infrastructure is not a one-size-fits-all. What works for one organization might not work for another.

STEP 5: Advance the risk management capabilities for other key risks

After the first four steps are completed, it will often be necessary to update the ERA for change. Once there is a refined definition of the priority risks, based on the updated ERA, management must determine the current state of the capabilities for managing each risk and then assess the desired state. The objective is the same as with the one or two priority risks addressed in Step 3, i.e., to advance the maturity of the enterprise’s capabilities around managing its key risks. In taking this step, management broadens the enterprise’s focus to other priority risks.

Bibliography:

• Committee of Sponsoring Organizations of the Treadway Commission (COSO), Internal Control—Integrated Framework: Executive Summary Framework. AICPA, New York, 1992.
• COSO, Enterprise Risk Management—Integrated Framework: Executive Summary, AICPA, New York, 2004.
• COSO, Enterprise Risk Management—Integrated Framework: Application Techniques, AICPA, New York, 2004.
• COSO, Enterprise Risk Management—Integrating with Strategy and Performance, COSO, 2017.