Blog Img

Enterprise Risk Assessment and Management

The client: a community bank that focuses on commercial and agricultural lending with assets of nearly $500 million.

Need

The client recognized that to be successful, it needed to take the next step in managing the organization’s risk through a full-fledged Enterprise Risk Management (ERM) process and infrastructure. It sought to identify and evaluate all risks – not just operational risks evaluated by internal audit, regulatory risks evaluated by the compliance function, or credit risk evaluated by loan review. The ERM process also had to be integrated into the client’s business practices and adopted by all levels of the organization.

Reason

The bank was growing much more rapidly than originally planned or anticipated. As it approached $500 million in portfolio size, more regulatory scrutiny and greater external auditor independence was needed. Adequately skilled resources were not available internally to execute or support the development and implementation of an ERM process.

Capabilities

Bank management wanted to partner with a firm with a strong risk assessment/risk management background and proven methodologies. Its risk management committee selected Experis Finance for those reasons. Our financial institution experience and stellar feedback from client references were also contributing factors in the decision-making process.

Our Solution

The Finance recruitment team provided risk assessment/risk management experience, facilitation skills and industry experience. The team conducted facilitated sessions and one-on-one interviews with the client’s ERM project team and other key personnel, using a phased approach to attain the bank’s ERM goals. We:

• Identified business entity attributes including, but not limited to, organizational goals, purpose and strategic objectives to develop the enterprise business models.

• Developed an enterprise architecture map that defined the links, interdependencies and reporting relationships among the business entities, business units, external stakeholders and outsourcers.

• Identified and confirmed risk areas comprising the total risk universe.

• Identified the risk factors, risk factor definitions and rating scale to be used to evaluate risk exposure for each risk area in the risk universe.

• Compiled a Risk Severity Score for each risk area. Following the Risk Severity Assessment, a Tolerance Assessment was conducted to identify management’s tolerance (high, medium, low) for each risk area.

•Assessed the vulnerability and/or client’s preparedness to mitigate each risk area.

•Developed an internal audit plan using the information obtained from our phased approach.

Results

Upon completing the facilitated sessions, the CEO reported that some of the management team were identifying new services/processes, leveraging the information we provided and realizing significant benefits from the ERM process. The ERM process identified (and confirmed) information technology as a high-risk area that needed to be addressed immediately, prior to the FDIC review, which identified the same high risk.