Enterprise Risk Management (ERM) with caniasERP
From this perspective, enterprise risk management is the process of identifying, measuring and minimizing risk factors likely to have an adverse influence on the operability of an entity or institution, and particularly on the profitability of a commercial enterprise.
Economic and technological developments have, over time, given rise to sophisticated business structures in which a wide range of activities are carried out by several persons through long processes, and in which hierarchical organizational systems continually evolve. As a result, enterprise activities are no longer traceable with simple control methods. COSO (the Committee of Sponsoring Organizations), consisting of five independent professional organizations in the USA, pioneered the standardization of internal control in enterprises. The COSO internal control model is a multi-dimensional structure comprising the internal control environment, risk assessment, control activities, information and communication, and monitoring activities, shaped around the objectives of efficacy and efficiency of enterprise activities, reliability of financial reports and compliance with the laws and regulations in effect.
Later, risk management system standards were established with the ISO 31000 risk management system standard. ISO 31000 recommends that enterprises develop a framework whose purpose is to integrate the risk management process with the company’s management, strategy and planning, administration, reporting process, policies, values and culture, and that they implement and continually improve that framework. The caniasERP Enterprise Risk Management (ERM) module has been formed in compliance with these standards.
There are four basic risk groups in the caniasERP Enterprise Risk Management (ERM) module.
The following steps are followed for the management of risks in the caniasERP Enterprise Risk Management (ERM) module:
I. Determination, identification of risks and specifying the corresponding risk group
Companies determine risks taking business processes into account, assign responsible persons and managers for risks, and identify risk measurement periods and how measurements are performed.
II. Assessment of risks
Primary risk assessment methods used:
- Scenario analysis
- Profit/cost analysis
- Root cause analysis
- Fault impact analysis
- Result/probability matrix
III. Operating risks, ranking risks according to results and determining risk control methods
Risk control methods used:
- Avoidance: The enterprise terminates the activity
- Prevention: Reducing the possibility of risk occurrence
- Protection: Reducing the impact of risks
- Distribution: Distributing activities to ensure that all activities of the enterprise are not harmed by the risk
- Transfer: Transferring risks to third parties or entities
IV. Selection and implementation of the method to be applied, and tracking of risks
- Configurable module parameters
- Defining additional risk groups
- Defining possibility and impact scales
- Defining flexible measuring periods
- Using data from any module in the system
When defined risks are run at specified times, results are shown both as a report and a graph.
Connection with other Modules
Since the caniasERP Enterprise Risk Management (ERM) module is fully integrated into the system, it can use any data in any module of the system to measure the risks.