Enterprise Risk Management
Key subject details
Subject | Enterprise Risk Management |
Description | This subject allows students to develop an enhanced knowledge of enterprise risk management practices to assist the board, or other governing body, to determine its strategic responsibility for risk taking, understand how different risks operate within the context of existing enterprise management frameworks, formulate the organisation’s attitude and policy to risk appetite, tolerance for key individual risks, and ensure clear lines of accountability. |
Year of delivery | 2024 |
Award | Graduate Diploma of Applied Corporate Governance and Risk Management |
Chartered Governance Institute Qualifying Program | Chartered Governance Professional |
Core/Elective | Core |
Australian Qualification Framework (AQF) level | 8 |
Subject credit points | 10 |
Total course credit points | 60 |
Pre-requisites | None |
Assumed knowledge | Risk and Compliance
Non-award students who enrol in Enterprise Risk Management without first completing Risk and Compliance should ensure they have appropriate work experience in risk management or underlying knowledge in the content areas covered in both these subjects. |
Mode of study | Online |
Part-time/Full-time | Part-time over one semester |
Teaching weeks | 12 |
Student workload | 164 hours comprising:
|
Assessment task (Weighting) | Presentation (20%) Assignment (30%) Examination (50%) |
Key contacts | Further information to assist you in your studies at Governance Institute can be requested from: education@governanceinstitute.com.au. |
Subject aims
This subject has been designed to:
- give students a solid understanding of ERM and its relevance to corporate governance, financial management, project management and other aspects of corporate strategy
- provide a sense of how global events and trends affect enterprise risk management and sharpen the focus of regulators, communities and stakeholders on risk management as an aspect of good governance and corporate value
- summarise the new and emerging sources of risk, in areas such as social media and corporate reputation, changing regulatory and social responsibility environment, critical data and information management, global volatility and technological change
- provide a detailed understanding of the tools and methods used to effectively manage risk, such as risk identification, quantification, reporting and analysis, and how these methods enable and support prudent risk-taking and risk-informed decision making
- provide a thorough understanding of how risk management can be applied in a range of contexts, using the Australian Standard AS ISO 31000:2018 Risk management — Guidelines as a set of guiding principles for ERM, along with other applicable Standards and guidelines.
Throughout this subject, reference is made to the Australian Standard on risk management, AS ISO 31000:2018 Risk management — Guidelines. AS ISO 31000:2018 was issued by Standards Australia and is identical to the international Standard ISO 31000:2018 Risk management — Guidelines. It provides generic guidelines for the design, implementation and maintenance of risk management processes throughout an organisation.
Subject learning outcomes
- Understand and apply the foundations, concepts and principles of enterprise risk management (ERM) and its connection to technical or discipline-specific risk management
- Analyse and explain the relevance of ERM to corporate governance, strategic planning and corporate social responsibility
- Recognise how organisational culture enables and supports ERM and critically apply methods for developing, enhancing and sustaining a mature risk culture
- Critically appraise and report to stakeholders on the organisation’s risk exposure and risk mitigation in the context of its strategic direction, reputation and long-term viability
Indicative content
The subject is divided into the following 12 modules:
Module 1 — Enterprise risk — Strategy, performance and objectives
- The nature of risk
- Risk, strategy, performance and objectives
- Risk, governance and assurance
- Risk at the enterprise level
- ERM standards and guidelines
Module 2 — Risk types and categories
- Opportunity and adversity risk
- Risk hierarchy
- Conventional risk categories
Module 3 — Risk policy and leadership
- Risk assurance
- The board and management
- Risk appetite and tolerance
- Risk policy and oversight
- Risk accountability
Module 4 — Risk disciplines and perspectives
- Risk, innovation and growth
- Risk and harm avoidance
- High reliability organisations
- Emerging risk perspectives
- Risk velocity
Module 5 — Resilience management
- Emerging risk
- Business continuity
- Case studies
Module 6 — ERM in practice
- A portfolio view of risk
- Assurance
- ERM and business decision-making
Module 7 — ERM, governance and reputation
- ERM and governance
- ERM and compliance
- Reputation – The ultimate risk impact?
Module 8 — Social and organisational context
- Risk and organisational culture
- Decision-making
- Risk culture
- Psychology of risk-taking
Module 9 — Reporting and documentation
- Risk reporting
- Risk registers
- Risk heat maps and profiles
- Risk dashboards
- ERM reporting and documentation in practice
Module 10 — Complexity, change and organisational maturity
- ERM and rapid change
- Complexity and ERM
- Organisational maturity and risk maturity models
Module 11 — The benefits of ERM
- The business case for ERM
- Case studies in ERM
- Evaluating the benefits of ERM
- ERM and other initiatives
Module 12 — Key themes and revision
- ERM purpose and context
- ERM in practice
- The future of ERM
- Examination preparation and technique
Required resource
Students are required to access a full copy of the Australian Standard AS ISO 31000:2018 Risk management — Guidelines.