31 March 2022 Open with your browser  
 
 
[中文版]

COSO published a new guidance on taking an agile approach on enterprise risk management

Written by: Mr. Cusson Tsang – Risk Consultant

In early March 2022, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) has issued a new guidance, Enabling Organizational Agility in an Age of Speed and Disruption. The Guidance is intended to help organizations succeed by being more anticipatory, agile, and adaptable. The guidance also highlights many of the COSO Enterprise Risk Management (ERM) risk principles and how they relate to an agile business environment, and numerous ways are identified that show how the COSO ERM principles link to agile approaches.

Section 1 - Speed, Disruption, and Risk are causing change
Agile methods can be a way to get things done faster and better and can also be a strategic response to massive risk and uncertainty. There are several approaches to deal with uncertainties, including moving faster, working differently, and becoming more agile in different business units. To adopt agile approaches, companies can leverage COSO ERM’s Governance & Culture component and principles and rethink how they operate while aligning with their core values. When speed and agility are at higher levels, the ERM team needs to help the management rethink strategic risks and objectives. At the same time, the management must further step up their ability to see and interpret strategic risks that challenge whether the company has the right strategy and risk approach, especially in a world that is moving at an accelerated pace.

Section 2 - Business unit and team adoption of agile ERM Implications
In a highly disruptive and fast-changing world, companies must be agile and able to pivot. The companies have to be able to interpret when, how, and whether to change their current business model. No matter how the changes have been adopted, the business units must be aligned with the strategic and agile approach. To smoothen the adoption of agile business model and risk management approaches, risk management team should provide risk management tools and trainings to enable the business units to properly understand, identify, and manage all related risks as expanded on in the performance component in COSO ERM. The first tool would be identifying and mapping top risks to a business unit’s mission. This helps the business units think through such risks, prioritize them, and potentially manage or mitigate them to increase the chances of meeting its objectives. Another tool is a pre-mortem analysis. The business units could allocate time to think through why a product, an idea or a business strategy might only last a short period of time. It could address what changes in the market, environment, or customer needs might lead to the demise.

No matter which risk management approach or tool has been implemented, when agile practices are adopted, ERM model will also need to make changes to keep up. The key for successful ERM implementation is to find the best combination of approaches to enhance risk management capability and help respond to relevant top risks. Thus, in daily operation, risk management team should maintain transparency and urgency, help business units identify the risks and provide opinions to the changes in ERM system. It is valuable to have risk management team members involved in up front risk monitoring process as much as possible.

Section 3 – The adoption of agile practice changes the ERM approach
Risk management team should consider applying necessary changes itself. Traditional approaches to assessing risk on a quarterly and yearly basis are still critical and do help manage risk and increase the likelihood of meeting objectives. However, traditional approaches have a common flaw: they lean more toward risk awareness and monitoring by many companies. Thus, risk management team should make relevant changes regarding to the rapidly changing business environment. When organizations are becoming more agile, the risk management team should rethink its risk control measures to ensure they support the strategy, culture, and organizational changes that occur after agile practices have been adopted. The involvement of risk management team in agile risk assessment practices is not only a good idea but especially helpful in improving the management of risk. In fact, agile practices will benefit the ERM function and complement its efforts.

Summary
To conclude, the COSO ERM framework provides a great method for thinking about how and where risk should be considered as companies become more agile. In a fast-paced uncertain environment, change and disruption are happening at a rapid pace and creating hazards for companies as they have to meet their objectives and respond to their risks simultaneously. Many companies are implementing new approaches to help them succeed, including agile practices on operations and risk management. Some companies are adopting agile practices at the group and strategic levels, while others are implementing more agile-oriented practices at the business-unit level. Either way, risks must be effectively identified, assessed, and managed. A mature and agile ERM framework and risk management team can play a crucial role in helping organizations manage the risk. Furthermore, organizations should report the latest changes to the risk management team on company-wide and related business units so that the team can make necessary changes to the ERM framework and certain risk management measures.



Source:
Dr. Paul L. Walker (February 2022). Enabling Organizational Agility in an Age of Speed and Disruption. Committee of Sponsoring Organizations of the Treadway Commission (COSO).

If there are any aspects which we may assist, please do not hesitate to contact:

Gloria So 
Partner, SW Hong Kong
 

gloria.so@shinewing.hk (Tel. 3583 8517)

 

Contact Us

SW Hong Kong
43/F, Lee Garden One,
33 Hysan Avenue
Causeway Bay,
Hong Kong

T. (852) 3583 8000
F. (852) 3583 8001
W. www.shinewing.hk
E. info@shinewing.hk

 

About SW

SW is a premier provider of professional services, specialising in audit, tax, advisory and business services. Present in China, SW has domestic offices which are spread across the major cities, including Beijing, Shenzhen, Chengdu, Shanghai, Xi’an, Tianjin, Qingdao, Changsha, Changchun, Yinchuan, Jinan, Dalian, Kunming, Guangzhou, Nanjing, Urumqi, Wuhan, Hangzhou, Taiyuan, Chongqing, Nanning, Hefei, Zhengzhou, Suzhou, Xiamen, Haikou, Shenyang, Nanchang. Other member firms include Hong Kong, Singapore, Australia, Japan, Pakistan, Egypt, Malaysia, United Kingdom, Indonesia, India, Thailand, Taiwan, Germany, Turkey and Macau. Today, SW employs over 10,000 staff. With our extensive network, we are able to leverage fellow members’ expertise and geographical presence and enhance our ability to serve the dynamic needs of transnational clients.

 

© 2022 SW Hong Kong. All rights reserved.

The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavour to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act upon such information without appropriate professional advice after a thorough examination of the particular situation.

 

Home | Open in browser | Unsubscribe