Enterprise Risk Management

Economic and technological developments have brought about complex business structures, where many activities are carried out in a long period of time with a large number of people and hierarchical organizational arrangements are constantly evolving. This situation has made the operations of the enterprises unobservable by simple control methods. COSO (The Committee of Sponsoring Organizations), which consists of five independent professional organizations in the USA, led to the transformation of internal control environment, risk assessment, control activities, information, communication and monitoring into a standardized structure in enterprises. The COSO internal control model is structured around the effectiveness and efficiency of business activities, the reliability of financial reports, and compliance with applicable laws and regulations. Then, with the ISO 31000 Risk Management System Standard, the risk management standards have been determined. ISO 31000 Risk Management System Standard recommends organizations to develop a framework that aims to integrate the risk management process with all management, strategy and planning, management, reporting process, policies, values and culture of the company.

Enterprise Risk Management (ERM) module has been created in compliance with these standards.

General operation

There are four main risk groups in the Enterprise Risk Management module:

• Strategic
• Financial
• Operational
• Compatibility / Disaster

The following steps are taken to manage risks:

1. Identifying and specifying the risks and defining the group to which they belong.

Companies determine their risks by taking internal audit processes into consideration. Appoints responsible and managers for the risks. Determines the risk measurement periods and how the measurement is carried out.

2. Evaluation of risks

• The main risk assessment methods used are:
• Brainstorming
• Scenario analysis
• Profit / Cost analysis
• Reason tree analysis
• Error impact analysis
• Result / Probability matrix

3. Running the risks, sorting the risks according to the results and determining the risk control methods

Risk control methods used:

• Avoidance: The enterprise terminates the related activity
• Prevention: Reduce the likelihood of risks
• Protection: Reduce the impact of risks
• Distributing: Distribution of activities so that all operations of the business are not harmed by risk
• Transfer: Transfer of risks to third parties or institution

4. Selection, implementation and monitoring of risks

• Configurable module parameters
• Identifying additional risk group
• Defining probability and effect scales
• Defining flexible measurement period
• Using data from each module in the system

Reporting

When the risks defined in the module are run at specified times, the results are shown both graphically and as a report.

Integration

As the Enterprise Risk Management module is fully integrated into the system, it can use the information in any module of the system to measure risks.

Features overview

• Configurable module parameters
• Identifying additional risk group
• Defining probability and effect scales
• Defining flexible measurement period
• Using data from each module in the system