7/25/2019 Using the RIMS ERM Starter Kit 2013

1/12

Copyright 2013 Risk and Insurance Management Society, Inc. 1

Using the RIMS ERM

Starter Kit

RIMS ERM Trajectory of Success

The five stages of RIMS ERM Trajectory of Success are designed to take an

organization from its initial commitment through design, activation, monitoring and

improving its ERM discipline.

The starter kit is provided to help you overcome the initial hurdles for commitment

and design by providing you with basic ERM materials that other risk professionalshave used successfully.

For more information and training on the RIMS ERM Trajectory of Success, contact

pd@rims.orgabout our RIMSAccelerating ERM workshop.

Contents of the Starter Kit

Commit

ERM Program Mini Readiness Checklist

ERM Risk Council Charter

RIMS Risk Maturity Model Assessment (link)

Design

Sample Risk Register

Sample ERM Preparatory Interview Worksheet

Risk Log Template

Risk Mapping Using Impact and Likelihood

Risk Ranking Tool

Demo of Risk Ranking Tool (Auto Risks)

Risk Training for Nonprofessionals Template

ERM Executive Report Template (simple)

Sample Annual Report (extended)

Materials are meant for educational and informational purposes. The examples have been provided by knowledgeable individuals. RIMS makes no representations or warranties,

expressed or implied, regarding the materials. Individuals should consult their advisors regarding specific risk management issues.

RIMS thanks the following contributors to the starter kit:

Grace Crickette, University of California

Radu Demian, University Hospitals

Carol Fox, RIMS

Rupak Mazumdar, George Weston Ltd.

mailto:pd@rims.orgmailto:pd@rims.org

7/25/2019 Using the RIMS ERM Starter Kit 2013

2/12

Copyright 2013 Risk and Insurance Management Society, Inc. 2

Using the RIMS ERM

Starter Kit

Starting with Commitment

Commit

ERM Program Mini Readiness Checklist

Use the checklist to gauge your starting point.When considering your assessment, think aboutwhether the requirements are imposedinternally by management or externally by

regulators, shareholders or others.

Many organizations, whether regulated or not,use an internationally recognized voluntarystandard such as ISO 31000 as a requirementsguide. Others subscribe to other recognizedframeworks. See RIMS Executive Report onWidely Used Standards and Frameworks foradditional background.

The readiness checklist may reveal that youalready have a good start, or it may reveal thatyou have significant work to do.

Materials are meant for educational and informational purposes. The examples have been provided by knowledgeable individuals. RIMS makes no representations or warranties,

expressed or implied, regarding the materials. Individuals should consult their advisors regarding specific risk management issues.

7/25/2019 Using the RIMS ERM Starter Kit 2013

3/12

Copyright 2013 Risk and Insurance Management Society, Inc. 3

Using the RIMS ERM

Starter Kit

Starting with Commitment

Commit

ERM Risk Council Charter

An important part of the commitment stage is to

articulate the purpose, principles, governance and

strategy for your ERM program. Often this takes the

form of a mandate or charter when establishing an

internal risk committee or council. A charter generally

Establishes a purposeand value outcome for the

enterprise

Establishes the guiding principlesby understanding

and acknowledging the organizations risk

philosophy, setting the foundation of risk practices

within the organizational context

Establishes a risk governance model that fits your

unique organization, and finally Determines an ERM strategy that will get the

organization where it wants to go

Materials are meant for educational and informational purposes. The examples have been provided by knowledgeable individuals. RIMS makes no representations or warranties,

expressed or implied, regarding the materials. Individuals should consult their advisors regarding specific risk management issues.

7/25/2019 Using the RIMS ERM Starter Kit 2013

4/12

Copyright 2013 Risk and Insurance Management Society, Inc. 4

Using the RIMS ERM

Starter Kit

RIMS Risk Maturity Model for ERM

Access at: http://www.rims.org/resources/ERM/Pages/RiskMaturityModel.aspx

Starting with Commitment

Commit

RIMS Risk Maturity Model Assessment

With this free assessment, you can evaluate your

organizations risk maturity levels, and determine

where your program can improve.

The assessment is broken down into seven

sections, each focusing on a different core

attribute of ERM. The assessment takes about

fifteen to thirty minutes to complete.

Over 2,000 organizations have already base-lined

their risk maturity levels with the RIMS RMM.

Many come back periodically for a re-assessment

to gauge progress. The assessment iscomplimentary, and your results are kept private.

Materials are meant for educational and informational purposes. The examples have been provided by knowledgeable individuals. RIMS makes no representations or warranties,

expressed or implied, regarding the materials. Individuals should consult their advisors regarding specific risk management issues.

http://www.rims.org/resources/ERM/Pages/RiskMaturityModel.aspxhttp://www.rims.org/resources/ERM/Pages/RiskMaturityModel.aspxhttp://www.rims.org/resources/ERM/Pages/RiskMaturityModel.aspx

7/25/2019 Using the RIMS ERM Starter Kit 2013

5/12

Copyright 2013 Risk and Insurance Management Society, Inc. 5

Using the RIMS ERM

Starter Kit

Framing the Conversation

Risk registers can be extremely simple to quite lengthy. Often, the risks are sorted by

categories.

This particular sample is organized under two broad categories: Context Risks and

Resource Risks. Context Risks relate to internal and external factors that impact the

environment in which the organization operates or the way business processes are

conducted. Resource Risks relate to the resources used by the organization toaccomplish its objectives.

Designing a Program

Design

Sample Risk Register

Risk registers are valuable tools to identify, define

and list risks that may positively or negatively

impact an organizations objectives.

When initially starting an ERM program, it is

helpful to have a frame of reference for those

being asked to assess the risks.

Materials are meant for educational and informational purposes. The examples have been provided by knowledgeable individuals. RIMS makes no representations or warranties,

expressed or implied, regarding the materials. Individuals should consult their advisors regarding specific risk management issues.

7/25/2019 Using the RIMS ERM Starter Kit 2013

6/12

Copyright 2013 Risk and Insurance Management Society, Inc. 6

Using the RIMS ERM

Starter Kit

Engaging the Experts

The preparatory interview worksheet included in the starter kit assumes that

definitions and ratings have been designed. The worksheets purpose is to provide

your experts with food for thought before the interview / voting process begins.

Designing a Program

Design

Sample ERM Preparatory Interview Worksheet

Who best understands the risks that your organizationmay be facing? There are a number of differenttechniques you may use to gather assessmentinformation from these individuals.

Two of the most commonly used are:

The Delphi method entails a group of experts whoreply anonymously to questionnaires andsubsequently receive feedback in the form of astatistical representation of the "group response,"after which the process repeats itself. The goal is toreduce the range of responses and arrive at somethingcloser to expert consensus.

Expert elicitation is a structured process to elicitsubjective judgments from experts. It is widely used inquantitative risk analysis to quantify uncertainties incases where there are no or too few direct empiricaldata available to infer on uncertainty.

Both methods require you to prepare the experts toengage in the interview process.

Materials are meant for educational and informational purposes. The examples have been provided by knowledgeable individuals. RIMS makes no representations or warranties,

expressed or implied, regarding the materials. Individuals should consult their advisors regarding specific risk management issues.

7/25/2019 Using the RIMS ERM Starter Kit 2013

7/12

Copyright 2013 Risk and Insurance Management Society, Inc. 7

Using the RIMS ERM

Starter Kit

Keeping a Risk Log

Documenting assessments and who is accountable for doing what by when keeps your

ERM program from becoming a periodic exercise. Unless you have tracking software at

your disposal, this template may help to organize risk activities based on priorities. This

approach can be particularly helpful when assessing risks associated with new

initiatives, projects or launches.

Designing a Program

Design

Risk Log Template

The Risk Log Template provided can be used as

an inventory of risks as they are assessed, and as

decisions are made whether to accept, avoid,transfer, mitigate and/or exploit the risk.

This is particularly useful in the initial stages of

organizational project or initiative plans, where

the actual treatment plans are as yet

undeveloped. Assignments (accountability) can

be made and monitored for rollout.

Materials are meant for educational and informational purposes. The examples have been provided by knowledgeable individuals. RIMS makes no representations or warranties,

expressed or implied, regarding the materials. Individuals should consult their advisors regarding specific risk management issues.

7/25/2019 Using the RIMS ERM Starter Kit 2013

8/12

Copyright 2013 Risk and Insurance Management Society, Inc. 8

Using the RIMS ERM

Starter Kit

Depicting Risk Assessments

Once risk registers have been completed and the risks have been assessed, commonly

the next step is to map risks into a grid highlighting those that require the greatest

management attention. Most commonly, this is done based on impact (severity) and

likelihood (or probability).

The risk mapping document in the starter kit takes you through a sample, providing

possible definitions for each of these two criteria.

Designing a Program

Design

Risk Mapping Using Impact and Likelihood

Impact and likelihood are two of many criteria

that may be used to map risks. Other qualitative

measures to consider might include:

Timing (speed to onset, trigger, duration )

Capacity

Controllability

Visibility (for monitoring)

Interdependencies

Readiness

Degree of confidence

See RIMS Strategic Risk Management Implementation Guide

2012 for other possible approaches.

Materials are meant for educational and informational purposes. The examples have been provided by knowledgeable individuals. RIMS makes no representations or warranties,

expressed or implied, regarding the materials. Individuals should consult their advisors regarding specific risk management issues.

7/25/2019 Using the RIMS ERM Starter Kit 2013

9/12

Copyright 2013 Risk and Insurance Management Society, Inc. 9

Using the RIMS ERM

Starter Kit

Beyond Frequency and

Severity

In addition to the blank template, we have

included a demo of the Risk Ranking Tool

for consideration of auto risks in the RIMS

ERM Start Kit. This demo illustrates how thetool might be used for consideration of

specific risks.

The tools have been provided as is, in

accordance to their original development

and use within the UC system. You may

need to modify the tool somewhat to meet

your organizations terminology and

descriptions.

Designing a Program

Design

Risk Ranking Tool

Demo of Risk Ranking Tool (Auto Risks)

The Risk Ranking Tool used at the University of

California is an Excel workbook that includes

macros to assess potential risks, likelihood, time,financial and reputation severity. The tool

provides a summary worksheet and a chart of

events.

Materials are meant for educational and informational purposes. The examples have been provided by knowledgeable individuals. RIMS makes no representations or warranties,

expressed or implied, regarding the materials. Individuals should consult their advisors regarding specific risk management issues.

7/25/2019 Using the RIMS ERM Starter Kit 2013

10/12

Copyright 2013 Risk and Insurance Management Society, Inc. 10

Using the RIMS ERM

Starter Kit

Explaining Risk Management and ERM to Others

For more information and training on ERM and specific techniques , contactpd@rims.orgabout our RIMS Techniques of Risk Management: Gaining a Competitive

Advantage.

Designing a Program

Design

Risk Training for Nonprofessionals Template

One of the keys to building risk management

capabilities within an organization is to provide

some basic training.

A simple 20-slide power point presentation is

included in our starter kit to explain risk

management - and the risk management process

- to others in your organization. The training can

be delivered in 30-45 minutes.

Materials are meant for educational and informational purposes. The examples have been provided by knowledgeable individuals. RIMS makes no representations or warranties,

expressed or implied, regarding the materials. Individuals should consult their advisors regarding specific risk management issues.

mailto:pd@rims.orgmailto:pd@rims.org

7/25/2019 Using the RIMS ERM Starter Kit 2013

11/12

Copyright 2013 Risk and Insurance Management Society, Inc. 11

Using the RIMS ERM

Starter Kit

Reporting on Risk

Designing a Program

Design

ERM Executive Report Template (simple)

Sample Annual Report (extended)

As part of the risk management process, risks and

controls should be monitored , reviewed and reported

on a regular basis to verify that

assumptions about risks remain valid;

assumptions on which risk assessments are based,

including the external and internal context, remain

valid;

expected results are being achieved within the

organizations risk appetite and tolerance levels;

selected risk treatments are effective;

the appropriate risk information is shared.

Two examples are provided in the starter kit. One is a

template that you can modify for your own purposes.

The other an example extended report from the

University of Californias Office of Risk Services.

Materials are meant for educational and informational purposes. The examples have been provided by knowledgeable individuals. RIMS makes no representations or warranties,

expressed or implied, regarding the materials. Individuals should consult their advisors regarding specific risk management issues.

7/25/2019 Using the RIMS ERM Starter Kit 2013

12/12

Copyright 2013 Risk and Insurance Management Society, Inc. 12

Using the RIMS ERM

Starter Kit

RIMS ERM Trajectory of Success

The five stages of RIMS ERM Trajectory of Success are designed to take an

organization from its initial commitment through design, activation, monitoring and

improving its ERM discipline.

The starter kit is provided to help you overcome the initial hurdles for commitment

and design by providing you with basic ERM materials that other risk professionals

have used successfully.

For more information and training, contact pd@rims.org.

In Conclusion

Other RIMS Resources for Getting Started

Be sure to check out RIMS Strategic and

Enterprise Risk Center for practical articles,

reports, tips, tools and templates successfully

used by leading risk professionals to advance

your organizations risk capabilities.

Materials are meant for educational and informational purposes. The examples have been provided by knowledgeable individuals. RIMS makes no representations or warranties,

expressed or implied, regarding the materials. Individuals should consult their advisors regarding specific risk management issues.

mailto:pd@rims.orgmailto:pd@rims.org