Weaver has a proven methodology and approach for performing an Enterprise Risk Assessment that is interdisciplinary in scope and will be the foundation of an organization’s Enterprise Risk Management (ERM) function. Through each of the four phases in our methodology, Weaver works with management to develop an in-depth understanding of the risks that threaten strategic objective achievement at the enterprise and process levels.
Phase 1: Risk Assessment Team
- Develop cross-disciplinary team
- Conduct kick-off risk assessment team meeting
Phase 2: Entity-Level Risk Assessment
- Conduct risk assessment team meetings to identify risks and develop the risk universe
- Develop and distribute risk identification questionnaire
- Evaluate responses and investigate outliers
- Develop risk maps showing concentration of risks based on probability and impact
- Link risks to strategic objectives
Phase 3: Process Level Risk Assessment
- Develop universe of significant activities
- Conduct forum group meetings to discuss significant activities and build consensus
- Review and discuss results with risk assessment team
- Develop risk maps
Phase 4: Risk Response Plan and Reporting
- Work with management to develop a risk response plan
- Report results to Senior Management and the Board
Through our independent and disciplined approach, Weaver provides the organization with a risk universe, risk maps and a risk assessment report that become the initial baseline assessment for the implementation of ERM practices. Our methodology incorporates both the International Organization for Standardization (ISO) 31000 Risk Management Framework and the Committee of Sponsoring Organizations (COSO) Enterprise Risk Management Framework (ERM). ISO 31000 describes the risk management process as a “systematic application of management policies, procedures and practices to the activities of communicating, consulting, establishing the context, and identifying, analyzing, evaluating, treating, monitoring and reviewing risk.”
According to COSO ERM, “Risks in different units may be within the risk tolerance of the individual units, but, taken together, the risks might exceed the risk appetite of the entity as a whole, in which case additional or different risk response is needed to bring risk within the entity’s risk appetite.” Our methodology is based on both standards to ensure that all risk considerations, both internal and external, as well as operational and financial, are adequately addressed in the assessment.
Weaver utilizes a top-down approach to assess the critical systems, technology, architecture and processes to ensure that they are reliable, available and compliant. We focus on efficiency and work to achieve multiple compliance initiatives through a single effort, thereby creating an enterprise-wide view of risk and reducing your overall cost of compliance. With a team composed of highly experienced Advisory, Financial, Forensics, and IT professionals – coupled with a personal approach – Weaver’s auditors deliver maximum value to your business.
The Enterprise Risk Assessment will improve overall risk awareness in the organization by getting management involved in the discussions to identify key risks, encouraging management’s development of responses to risks, and updating the baseline evaluation of risk to be integrated into the ongoing Enterprise Risk Management function. Overall, the risk assessment process has a healthy impact on the risk awareness culture through encouraging involvement in risk identification at all levels and in all disciplines throughout the organization.