ERM cannot be seen as a static one-time process, but it must be embedded in the organization and dynamically adapted to the changing internal and external environment.
The aim of this work is the definition of a holistic approach to assess the maturity level of ERM within an organization, following the principles defined by The Committee of Sponsoring Organizations of the Treadway Commission (2004b) in the “Enterprise Risk Management—Integrated Framework.”
The approach is transferred into an application tool, EnteR, for an automated and guided maturity-level assessment.
By means of EnteR, an organization can evaluate the eight components of the framework: internal environment, objective setting, event identification, risk assessment, risk response, control activities, information and communication and monitoring. EnteR helps organizations to assess the maturity level of the ERM, highlighting strengths and weaknesses from which a prioritized list of measures is derived, whose implementation helps to fill existing gaps in ERM.
The Enterprise Risk Management tool functionalities include:
- identification of weaknesses
- identification of strengths
- definition of a prioritized measures list
- assessment of the maturity level of ERM
- documentation of the ERM
- overview of results considering different dimensions
- multi-period assessment on different reference dates
- overview of multi-period results considering different dimensions.
The ERM evaluation tool can be used as a benchmark for assessing different organizations for equivalent comparison.
A structured collection of elements describes characteristics of ERM. The approach is composed of more than 100 elements with more than 600 corresponding criteria.
