At this stage, a library of processes and sub-processes is defined. The underlying risk under each of the sub-processes is then identified. In addition, the loss data capture processes are reviewed and defined. The template for capturing loss events is also defined under this stage.
At this stage, risks are assessed based on templates specifically designed according to the nature of risk. In case of risks that can be quantified, the measurement models are defined. Additionally, at this stage, the loss data captured is analysed to assess the likely impact on an organisation's capital.
At this stage, underlying controls vis-à-vis the risks are identified and assessed for effectiveness and comprehensiveness. Based on the risk and control assessment, a corrective action plan is defined. In addition, a limit management framework to mitigate the impact of risks is defined.
At this stage, the risk management monitoring and reporting templates are defined, which would be critical to ensure that there is no oversight by the board of directors and senior management. The related reporting frequency and workflow is also defined.
The ultimate objective of the ERM process is to ensure that risk management is embedded into strategic decision making. Accordingly, a framework for risk-based pricing and a risk-based portfolio strategy is designed to ensure risk-based decision making.