COSO ERM Enterprise Risk Management Establishment
Category: Risk Management
Analytix risk management consulting services assist clients with implementing a practical approach to Enterprise Risk Management (ERM) that is integrated with existing management strategy, objectives, and processes — with the goal of providing an enterprise-wide view of risk, improving information for decision-making, and reducing the risk of costly surprises.
New Programmes or Improvement to Existing Programmes
Our ERM consulting services are flexible and are suited to either ERM establishment or improvement initiatives.
Alignment with COSO ERM and ISO 31000
Our consultants will help you align your ERM programme with the COSO ERM framework and the ISO 31000 risk management standard’s ERM best practice guidelines.
Tailored to Your Needs
The scope and structure of an ERM programme can vary, and our effort expended will be tailored to the needs of your organisation. Our consultants will assist you to customise your risk management framework to include the components that provide the foundations and organisational arrangements for designing, implementing, monitoring, reviewing and continually improving risk management throughout the organisation.
ERM Programme Establishment – Elements
Depending on your specific requirement and the Scope of Work, the following elements may be addressed as part of the ERM project:
- Identifying executive sponsors for ERM
- Designing and documenting the risk management principles and risk management policy
- Developing an ERM framework and methodology that enables secure participation of all stakeholders
- Establishing a common risk language or glossary
- Describing the entity’s risk appetite (i.e., risks it will and will not take)
- Identifying and describing the risks in a “risk inventory”
- Implementing a risk-ranking methodology to prioritize risks within and across functions
- Establishing a risk committee and/or Chief Risk Officer (CRO) to coordinate certain activities of the risk functions
- Establishing ownership for particular risks and responses
- Demonstrating the cost-benefit of the risk management effort
- Developing action plans to ensure the risks are appropriately managed
- Developing consolidated reporting for various stakeholders
- Monitoring the results of actions taken to mitigate risk
- Ensuring efficient risk coverage by internal auditors, consulting teams, and other evaluating entities
Our consulting approach to risk management advisory projects includes helping you develop and tailor an enterprise risk framework that provides for the design and documentation of the risk management principles, policy, process and procedures needed to implement a Risk Management System.
ERM Project phases
- Assess – Evaluate existing risk management practices, understand current organization and governance structure, determine the enterprise risk profile, and develop a project and change management plan that supports the ERM program vision.
- Design – Mobilize the project team, confirm the plan, and develop the company-specific ERM program, to include governance structure, standard language, policies, processes, roles, responsibilities, tools, and templates.
- Training and Awareness – Develop and deliver enterprise-wide training on all aspects of the ERM program, from boardroom governance to enterprise-wide risk quantification, mitigation, and reporting activities.
- Implement – Communicate change initiatives, conduct highly specialized training within each business unit, roll out the ERM program, and begin identifying, assessing, reporting, and responding to risks.
- Monitor – Benchmark and track performance, gather feedback, and incorporate into a continuous learning life cycle for the enterprise.
The Analytix approach to Enterprise Risk Management is based on assisting organisations to adopt and embed a risk management system that comprises the eight risk management elements defined by the ISO 31000 Risk Management Standard, as complemented by the COSO Enterprise Risk Management framework, and is designed to achieve compliance with the following regulations / best practices / standards where required
This Enterprise Risk Management framework and methodology can be implemented by organisations of all sizes, in all sectors: public, private, non-profit, educational, manufacturing, etc.
COSO ERM
The COSO ERM framework forms the basis of our Enterprise Risk Management methodology. The COSO ERM Framework has eight components and four objectives categories.
The eight components are:
- Internal Environment
- Objective Setting
- Event Identification
- Risk Assessment
- Risk Response
- Control Activities
- Information and Communication
- Monitoring
The four objectives categories are:
- Strategy – high-level goals, aligned with and supporting the organization’s mission
- Operations – effective and efficient use of resources
- Financial Reporting – reliability of operational and financial reporting
- Compliance – compliance with applicable laws and regulations
ISO 31000:2009 – Risk management – Principles and Guidelines
ISO 31000 is the international standard for risk management. By providing comprehensive principles and guidelines, this standard helps organizations with their risk analysis and risk assessments. Whether you work in a public, private or community enterprise, you can benefit from ISO 31000, because it applies to most business activities including planning, management operations and communication processes.
Whilst all organizations manage risk to some extent, this international standard’s best-practice recommendations were developed to improve management techniques and ensure safety and security in the workplace at all times. By implementing the principles and guidelines of BS ISO 31000 in your organization, you’ll be able to improve operational efficiency, governance and stakeholder confidence, while minimising losses.
This international standard also helps you to boost health and safety performance, establish a strong foundation for decision making and encourage proactive management in all areas.
Depending on the scope of work and terms of reference, typical deliverables of an Enterprise Risk Management programme implementation project may include:
- Scope
- Documentation
- Enterprise Risk Management Training and awareness
- Risk Management lifecycle
- Risk Management Policy
- Risk Management Framework
- Risk Management Methodology
- Roles and Responsibilities
- Internal Environment
- Strategic Planning and Objective Setting
- Event Identification
- Risk Assessment Process and Procedures
- Risk Response Process and Procedures
- Control Activities
- Information and Communication
- Risk Monitoring
Our COSO ERM and ISO 31000 aligned Enterprise Risk Management consultancy delivers real business benefits:
- An accurate view of current and near-future risks
- End-to-end guidance on how to manage risks
- Integration with the overall risk and compliance structures
- A common framework/language to help manage the relationship amongst executive decision makers, management, staff, risk management, or between auditors and management
- Promotion of risk responsibility and its acceptance
- A complete risk profile to better understand risk
- Aligning risk appetite and strategy
- Enhancing risk response decisions
- Reducing operational surprises and losses
- Identifying and managing multiple and cross-enterprise risks
Train Your Team In-house
Frequently Asked Questions
Use our FAQ to quickly find the answers to the most common questions asked by customers.
Why choose us?
We have over 22 years of experience in helping businesses and employees reach their potential with advanced skills and certifications, no matter what their industry or background experience.
All our services are bespoke, which means we offer the freedom and flexibility to create a solution specific to your industry & training needs.
We can use one or more of our services to deliver the outcome required to gain the maximum results for your business.
Specialist Consultancy Services
We offer a free introductory consultation service, to get an understanding of your organisation, your working environment & your training needs.
Our expertise & experience, combined with your working knowledge, delivers results that are practical & specific to your needs.
Training That Works
We have been involved in many differing, diverse & interesting projects & we have built relationships with organisations from varying industries & sizes. Our efficient, cost-effective and engaging training courses are designed for your company and team to improve the overall business performance and equip employees with up-to-date skills and knowledge.
Talk to us today, and let us help you develop your team with our bespoke training and consultancy services.
Do you only deliver training in Johannesburg?
No, we deliver training in all 9 provinces within South Africa. We have also delivered training in several countries such as Belgium, The Kingdom of Saudi Arabia, Togo, Zambia, Rwanda, Tanzania and Swaziland.
What are the minimum and the maximum number of candidates we can train in-house?
The minimum number of candidates required for in-house training is 6. With regard to the maximum number, this depends a little on the size of the training room you have available, but we normally say between 15 – 25.
Can you tailor the course to our specific requirements?
Yes, all of our courses can be tailored to your requirements. We will aim to refer to working examples within your business or industry.
Who are your clients?
Our clients come from companies and organisations of all sizes within the public and private sector. We work in most industries and have a proven track record of delivering high levels of customer satisfaction. See some of the names we have worked with here.
