Enterprise Risk Management (ERM) - as mandated by Companies Act of 2013
ERM is a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives (COSO).
Enterprise risk management was not mandatory under the Companies Act 1956. However, under the new Companies Act of 2013, there are specific requirements (e.g., under sections 134 and 177 and Schedule IV) that a company needs to comply with. The board of directors, including executive management, must assess the risks arising from various factors, including identification of elements of risk, if any, which in the opinion of the board may threaten the existence of the company. They should also ensure that risk management is embedded across all business units and critical support functions.
How can we help?
Assisting with enterprise wide proactive risk assessment;
Development of ERM Framework and related policies;
Development of function- / department-wise risk registers with prioritized risks, risk drivers, identified KRIs and risk mitigation plans;
Workshops on ERM;
Assistance with implementation and monitoring of the ERM Framework.