IEEE Enterprise Risk Management (ERM) Program
A strategic business process that supports the achievement of an organization’s objectives through the identification, analysis, evaluation, and management of those risks whose nature would materially impact an organization’s ability to achieve its strategic goals.
The ERM process
- Encompasses all areas of an organization’s exposure to risk, including, but not limited to, financial, operational, reporting, compliance, governance, strategic, and reputational risk exposures;
- Prioritizes and manages those exposures as a portfolio in full recognition of their interrelation rather than as a series of unrelated risk exposures;
- Evaluates the risk portfolio in the context of significant internal and external environments, systems, circumstances, and stakeholders;
- Provides a structured process for the management of enterprise risks, whether those risks are primarily quantitative or qualitative in nature;
- Views the effective management of risk as a competitive advantage; and
- Seeks to embed risk management as a component in all critical decisions throughout the organization.
The Risk Identification and Assessment Group (RIAG)
The purpose of the Risk Identification and Assessment Group (RIAG) is to identify and assess risks inherent to the organization’s strategic objectives, goals, and operations that are of such a nature as to have a material impact on the organization’s achievement of its strategic goals.
This identification and assessment of risks is critical in the implementation of an enterprise risk management program.
The RIAG will draw on senior representatives from IEEE’s various lines of operations and management. These representatives need to be knowledgeable regarding their respective areas, empowered to act on behalf of these areas, and have the full support of their senior management.
They will need to understand and advocate the Enterprise Risk Management (ERM) process.
They will act as a proxy for and be considered the champions of enterprise risk management on behalf of their respective areas.
The RIAG will consist of a Standing Committee that will include a senior representative from the offices of:
- IEEE Executive Director
- IEEE Chief Financial Officer
- IEEE Enterprise Risk Management Program Manager
- IEEE Legal Counsel
The Standing Committee will be joined by Members-at-Large consisting of representatives from:
- Membership
- Standards Association
- Publications / Publishing
- Technical Activities
- Conference Management
- Governance
- Human Resources
- Facilities
- Information Technology
- Sales & Marketing
- Internal & Operations Audit
- International Regulatory Compliance Office
Duties and responsibilities of the RIAG
- Provide leadership in the identification, analysis, evaluation, management, and monitoring of IEEE’s cross-organizational issues related to enterprise risks;
- Construct a risk assessment methodology for continuously identifying and assessing enterprise risks, both internal and external, across IEEE;
- Assist in the development of mitigation strategies for identified and assessed enterprise risk exposures;
- Foster enterprise risk awareness and understanding through discussions and training forums with councils and other employee groups;
- Assist in the elimination of functional, cultural, and department barriers in dealing with IEEE’s enterprise risks;
- Assist in the development and provision of annual reports regarding progress in the identification, analysis, evaluation, management, and monitoring of enterprise risks to the IEEE Board of Directors, the IEEE Management Council, and Major Boards as requested;
- Monitor the progress of IEEE’s ERM program; and
- During the term of their service as a member of the RIAG, have specific performance metrics related to their service on the RIAG included as part of their individual overall Performance & Incentive goals & objectives.