• A
  • A
  • A
  • C
  • C
  • C
  • C
  • MEA
Enterprise Risk Management
Home » About Us » Good Corporate Governance » Enterprise Risk Management

Enterprise Risk Management

Definition of Risk Management


Unexpected situation being unsettled or in doubt or dependent on chance about its affect and likelihood.


Uncertain situation which effect with objective and goal in positive.


Uncertain situation which effect with objective and goal in negative.


Processes or mechanisms are specified by organization to support business succession and achieving their target. These control methods include prevention, detection and correction.

Risk management

Determine the way and process that specify analyze, assess, manage, follow-up and communicate risk organization because these can reduce losses and increase opportunity for business. Moreover Risk management means integration of organizational culture, process and structure which effect with efficiency and benefit.

Enterprise Wide Risk Management

Risk management has structure process and organizational culture is integrated mutually. Their features are
    • 1

      Cross-funtional and it is a part of business. Risk management must conform to business plan, objective, decision and apply to other components

    • 2

      To consider overall risk and cover risk of organization such as strategy, operation finance and compliance when risk occurs, it may cause loss, uncertainty and opportunity including to the impact of objective and stakeholder requirement.

    • 3

      Provident conception, consider what risk may be occur and have an affect on objective including to prepare risk management plan.

    • 4

      Reinforcement and cooperation, everyone is in organization that is director, top excusive and staff must take part in risk management.

Risk Management Framework

MEA deploys risk management framework of the committee of Sponsoring Organization of the Tread way Commission or COSO. This enterprise risk management framework is geared to achieving an entity's objectives, set forth in four categories:
    • Strategic Objectives

      The high-level goals that aligned with and supporting its mission. Organization specifies strategic objectives because they desire to select the best alternative or the method that make the value added for stakeholder.

    • Operations Objectives

      the objective is specified for practical part or operations that focus on effective and efficient use of its resources.

    • Reporting Objectives

      this objective focus on reliability of making reporting both financial reporting and non-financial report which are presented to internal and external users.

    • Compliance Objectives

      this objective aim at compliance with applicable laws and regulations.

Components of Enterprise Risk Management

Enterprise risk management consists of eight interrelated components. These are derived from the way management runs an enterprise and are integrated with the management process. These components are:
    • 1

      Internal Environment – The internal environment encompasses the tone of an organization, and sets the basis for how risk is viewed and addressed by an entity's people, including risk management philosophy and risk appetite, integrity and ethical values, and the environment in which they operate.

    • 2

      Objective Setting – Objectives must exist before management can identify potential events affecting their achievement. Enterprise risk management ensures that management has in place a process to set objectives and that the chosen objectives support and align with the entity's mission and are consistent with its risk appetite.

    • 3

      Event Identification – Internal and external events affecting achievement of an entity's objectives must be identified, distinguishing between risks and opportunities.Opportunities are channeled back to management's strategy or objective-setting processes.

    • 4

      Risk Assessment – Risks are analyzed, considering likelihood and impact, as a basis for determining how they should be managed. Risks are assessed on an inherent and a residual basis.

    • 5

      Risk Response – Management selects risk responses – avoiding, accepting, reducing, or sharing risk – developing a set of actions to align risks with the entity's risk tolerances and risk appetite.

    • 6

      Control Activities – Policies and procedures are established and implemented to help ensure the risk responses are effectively carried out.

    • 7

      Information and Communication – Relevant information is identified, captured, and communicated in a form and timeframe that enable people to carry out their responsibilities. Effective communication also occurs in a broader sense, flowing down, across, and up the entity.

    • 8

      Monitoring – The entirety of enterprise risk management is monitored and modifications made as necessary. Monitoring is accomplished through ongoing management activities, separate evaluations, or both.