COSO ERM application
COSO ERM is applied across the enterprise. It can, however, also be applied within a specific unit, subsidiary or division, representing a form of “partial adoption” while still retaining an enterprisewide focus.
The application of ERM to strategic operating units works because such units often have distinctively different objectives and strategies, manage distinctive product groups, serve heterogeneous markets and act as standalone profit centers.
Therefore, they have distinctly different risk profiles. Executive management at the parent level may even foster, explicitly or implicitly, a competitive environment among different strategic units.
If so, the risk profiles for separate business units may differ to such an extent that it may be appropriate to evaluate and manage them separately. In such circumstances, a decentralized approach may make more sense with ERM applied at one or more selected operating units.
Ultimately, taking an enterprisewide view means achieving the highest level of risk-adjusted return possible from the resources available to managers within the defined enterprise boundaries, whether for a specific operating unit or for the enterprise as a whole. From a risk management standpoint, this view has to be consistent with executive management’s view of the organization.
If management takes a centralized view of the business, an enterprise view must of necessity extend to the entire organization. On the other hand, if management has a decentralized view of the organization with different units operating autonomously, an enterprise view would apply at the unit level.
COSO ERM application supersedes the traditional risk management model.