Describe about the Enterprise Risk Management Plan.
The study comprises of the information and analysis on the gathered information regarding the Enterprise Risk Management Plan. The analyzed information later will be utilized for the purpose of using it for water and sewerage authority of Trinidad and Tobago.
The activity, enterprise risk management, is based on four phases such as designing-planning, developing-benchmarking, measuring-monitoring, and learning-reporting (Abrams et al. 2012, 221). The activities are carried out by the enterprises for minimizing the consequence of risks on its profit and fund (Ballantyne 2013, 56). The risk handling plan is not only about the managing the risks that can create accidental losses but it also manages the risks that are related to strategic, financial, and operational and various other risks. For reducing the risk issues in the water and sewerage system, all the described phases will be properly executed.
2. Enterprise Risk Management
The only truth that never changes is that in the enterprises the change as well as the opportunities and risks that the related to that particular change is constant. In the current year, the enterprise risk management or ERM has serious attention of the enterprises because of the external factors (Bromiley et al. 2015, 269). It has become mandatory for the private and government industries, even the investors, to examine the management policies and activities of an ERM. The change in various aspects of society and technology is another reason of enterprise’s risks.
The Committee of Sponsoring Organizations of the Treadway Commission or the COSO defines Enterprise Risk Management in the following manner (Jeppesen et al. 2015, 62):
According to Banerjee (2016, 68) “Enterprise risk management is a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.”
The above mentioned quote reflects the following fundamental concepts about the Enterprise resource management framework:
- Enterprise resource management is essentially an ongoing process that is conducted in a continuous manner in an organization (Antweiler 2014, 45).
- The process is undoubtedly affected by the decisions of the higher management that drives the organization.
- The said process is employed across all sections of the enterprise and across all levels (Ballantyne 2013, 87).
- The process is essentially aimed at the identification of those events that have the potential of generating risk scenarios: the identification of such incidents is essential so as to develop the strategies for mitigating them (Banerjee 2016, 71).
2.1 Objective of the Enterprise risk management process
Researchers Barton, Shenkir and Walker (2012, 155) are of the opinion that framework of the Enterprise risk management process is designed in manner so as to achieve the objectives of an entity, the objectives belonging to the following categories:
- Strategic: The high level goals of the organization in concern, the goals being aligned with the mission and vision of the organization in consideration (Baxter et al. 2013, 1273).
- Operations: The optimized utilization of the resources available to the organization
- Reporting: The reliability and the efficiency with which the organizational reports are generated (Bromiley et al. 2014, 273).
- Compliance: The compliance of the organizational activities with the legislative laws and regulations of the country is also rudimentary.
According to Lautze et al. (2014, 61), the objectives that relate to compliance and the report are essentially with regulations and laws which are inside the organizational control, enterprise risk management which is expect to give sensible assurance of reaching those goals. Accomplishment of operation and strategic goals, however, it is related to outer events and not always inside the organizational control. For this goals the enterprise risk management can given a sensible assurance that the board and the management in default role, which are aware in time of the degree to which the organization is going towards the accomplishment of the goals (Pritchard and PMP 2014, 31).
2.2 Components of ERM
Eight correlated elements are there in ERM (Enterprise Risk Management). Now these components are taken out from the management that operates an organization and are implemented with the workflow of management (Quadri, Komal and Khalil 2015, 209). These components are mentioned below in detail:
Inner Environment: It surrounds the voice of an enterprise, and sets the base for how the risk is reviewed and consider by an organizational individual who includes risk managements concept and integrity, risk appetite, environment and the ethical values.
Event Identification: The external and internal events affect the accomplishment of an organization’s goals that must be located and differentiate between the opportunities and risks. The possibilities are rolled back to the organization management goal setting processes or strategy.
Set Objective: The existence of objectives is must preexisting management that can locate the potentials events which affects the organization accomplishment (Toze 2016, 150). ERM make sure that the management has in space to flow to set the targets and that selected targets align and support with the organization’s missions and are uniform with their risk appetite.
Risk Response: Risk responses is selected by management- accepting, decreasing, avoiding or risk sharing- creating a set of activities for risk alignment with the organization’s risk appetite and tolerances.
Monitor: The whole of ERM is reviewed and changes are done if required. Monitor is achievement through continual management actions or separate reviews (Warrick and Ekwue 2014, 225).
Control Activities: The procedure and policies are creating and integrated to help and make sure the responses of risk are effectively moved forward.
Communication and Information: Specific and right data is located, gathered and communicated in a way and the timeframe which enables the individuals to understand their responsibilities. Good and useful communication also happens in a flowing down, larger sense, up the organization and across (Snyder 2013, 32).
The ERM is not strictly to be an ongoing process, where a single element affects only the next. It is said to have multiple directions or multidirectional and repetitive process in which any of the component does and can influence other component.
According to Sato et al. (2013, 12), the key elements of the Enterprise Risk Management are listed out below:
- Culture- Discipline.
- Basic Measurement
- Basic Language
- Comprehensive Reporting
- Corporate Risk Appetite
- Continual Development of Processes and Tools
2.3 The Significance of Change
Through the centuries one thing that has been learned is continuous change in everything is a part of life. The change in the technology and the social medians has the most significant impact on the repetitive nature of change (Covello and Mumpower 2012, 112). The change in policies, regulations and laws are a great factor in enterprise management plan. As the consumers are the source of any organizations profit, the change in culture is another factor in organizational change. The impact of change on organizational risks is very straight forward and direct (Driver and Bernard 2012, 531). The changes ask for creating other processes in the organizations that will be perfect for making the profit in future. The change in the organization's either in entire or partial processes are the source of risks (Dean et al. 2012, 243). It is because the changes may not be flexible enough to flow smoothly within the organizational activities, and also it can damage the working integrity or flow of the employees. If a change is not conducted with proper guidance, it can lead any organization toward a bitter future. Therefore, the change is a big factor in any small, medium or big enterprise.
2.4 Designing and Planning
An enterprise has to completely consider the effect of any considered change on the organization’s various business aspects (Lane et al. 2015, 141). For that reason, the proper designing and planning are very crucial. The risk management policy of an enterprise must be comprised of risk strategy, protocols, and framework. The risk management policies must be holding the following sections.
- Risk management goals and Internal control.
- The information regarding the control environment or risk aware culture.
- The view of the organization toward that risk (Dickinson 2011, 360).
- Criteria for benchmarking and monitoring risks.
- Risk processes and priorities regarding the forthcoming years.
- Training topics and priorities.
- Allocation of the proper resources for managing the risk (Driver and Bernard 2012, 538).
- The documentation to examine and reporting risk.
The comprehensive initiative in terms of ERM indicates the first step toward success. As the risk management’s improved standard is a progressive process, achieving it instantly is not possible (McNeil 2013, 2). During the development process, the scope and the initiative process of the ERM are being developed by the organization. The benefit of the organization decides the initiative and the scope of the enterprise risk management, and also it gets influenced by the requirements and expectations of distinct stakeholders in the organization.
The range of the risk management features depends on the nature of the enterprise. The risk supervision features that may sort from an individual risk champion to a part-time risk manager, to a full-scale risk administration branch (O'Donnell 2011, 181). The part of the inner review capacity will likewise vary from one association to another. In deciding the most proper part for inner review, the association needs to guarantee that the autonomy and objectivity of inward review are definitely not traded off.
2.5 Developing and Benchmarking
Risk assessment is a generally vital part of the risk administration process. So as to accomplish an extensive risk administration approach, an association needs to attempt appropriate and adequate risk appraisals (Hrudey, Hrudey and Pollard 2012, 951). The risk assessment will be required as a feature of the basic leadership forms planned to abuse business opportunities. One method for guaranteeing that risk is a piece of basic business leadership is to guarantee that a risk evaluation is connected to all methodology papers introduced to the Board. It is critical that the Board sets regulations regarding risk taking in approval of a variety of potential and existing risks, and a few connections have been created regarding risk longing announcement that is appropriate for all kinds of risks (Jaramillo et al. 2015, 20). It is basically straightforward for an organization to confirm that it has no intension of bringing about risk and un-well wellbeing. On the other hand, notwithstanding, maybe this must to be constructed into an understanding of concerns for security and wellbeing implementation. There exists a risk that risk hankering demonstrations ignore to be dynamic, and they can be obliged in terms of fast reaction and conduct (Jeppesen et al. 2015, 91).
2.6 Determining and Supervising
Keeping the record of the risk assessment in a risk register is a frequent incident. The document that is served as the risk register is an important part of the enterprise business and still there no such format that can be described as a used as suitable formats regarding constructing the documentation (Toze 2016, 158). Instead of considering the risk register as a static record in terms of the risks that the organization faces, it should be treated as a plan that describes the action that the organization is going to carry out against the existing and potential risks, and it holds the further information of the actions that are planned. In addition, observing the adequacy of the existing controls and the execution of extra controls, the cost-adequacy of the existing controls ought to likewise be checked (Quadri, Komal and Khalil 2015, 32). Furthermore, observing and measuring incorporates assessment of the risk mindful society and the risk administration system, and appraisal of the degree to which hazard administration errands are adjusted with other corporate exercises (Lane et al. 2015, 141).
Inspecting and calculating expand to the assessment of execution, society, and willingness of the enterprise (Lautze et al. 2014, 25). The scope of activities are being protected by measuring and checking, furthermore includes observing the risks regarding change suggestions and evaluation of the implementing of risk administration movements in the enterprise. In addition, regular observation of risks carrying out markers is an aspect of the recommendation (Mandri-Perrott and Stiggers 2013, 95).
2.7Reporting and Learning
Completing the input circle on the risk administration activity comprises of the important steps of obtaining as a matter of information and providing an account of implementation (McNeil 2013, 1). Keeping in concern the final objective to gain as a matter of fact, an organization requires auditing risk implementation pointers and measures the commitment that project risk management has carried out to the achievement of the organization (McNeil, Frey and Embrechts 2015, 66).
Various elements of obtaining as a matter of fact include evaluation of appraisal estimate and reports of the wellsprings of risk verification accessible to the committee and the study advisory group (Nankani 2012, 52). An evaluation of the level of confirmation that’s been acquired is likewise important. Notwithstanding inward correspondence and informing, there will be an obligation on associations to report remotely. Outside informing ought to provide valuable information to partners on the condition of risk administration also, the activities that are being made to guarantee the constant change in implementation (Nocco and Stulz 2012, 12).
2.8 Importance of ERM
ERM empowers an association to organize and allow assets against those risks that support the proceeded with maintainability of the association (O'Donnell 2011, 178). As it were, an association's capacity to keep up something of worth, taken as an example, the conveyance of administrations or items to clients) depends on its capacity to comprehend and get ready for those risks that may obstruct the accomplishment of its business targets/objectives or risks that could fundamentally impede its capital (Peters et al. 2014, 299).
ERM reveals risks keeping in mind the end goal to manufacture authoritative versatility furthermore, maintainability. Hierarchical versatility, or a venture's capacity to recoup rapidly from mishaps, is especially vital when a risk is unavoidable or non-transferrable. RM binds revealed risks to controls found in setting up administration frameworks (Petersa and Goberdhanb 2016, 33).
ERM, through association with Internal Audit, screens the association's trust in the built up control frameworks for dealing with the revealed risks. In conjunction with other risk partners, the ERM structure accommodates assessment of this administration control programs/forms also, frameworks (Pritchard and PMI 2014, 18).
ERM supports cross-utilitarian talk of potential unintended results. By setting up risk reporting as a major aspect of administration's typical business audits, at whatever recurrence bodes well for the association, the Chiefs have a more extensive point of view of the risk interdependencies (Nocco and Stulz 2012, 20). These interdependencies relate not just to the risks themselves, in any case, incorporate the particular risk medicines attempted for every risk.
3. Risk Management Plan
In every successful project, it is essential to incorporate a sufficient risk management plan and strategy for developing an appropriate method to handle potential risks associated with a particular project or even an organization (Sato et al. 2013, 6). For this purpose, a risk management plan consists of a number of systematic stages that are to be carried out in methodical, sequential as well as iterative manner. Almost every business industry and organizations needs to smartly deal with the emerging risks and threats and at the same time maintain their potential for growth (Shah et al. 2013, 130). However, a limited amount of risk is healthy and therefore, should be considered in order to ensure rapid growth and competitive advantage in the market. Risks are associated in every individual aspect of a project’s life cycle. A risk event may arise from a project’s scope, schedule, cost or even the project’s quality standards (Snyder 2013, 201). Thus, managing project risks is essential that in turn consists of a number of activities starting with identifying the potential risks, performing an assessment and analysis on the risks in order to prioritize them, undertaking suitable and appropriate risk treatment and risk mitigation strategies and ultimately monitoring and reviewing the identified risks throughout the life cycle of a particular project (Toze 2016, 154). To be more precise, a particular project associates with itself a number of risks, which is usually identified and managed by the project manager ahead of time for including them in the risk management plan for the project (Urbansky and Schock 2012, 85).
According to the Project Management Body of Knowledge (PMBoK) guide, risk management plan is concerned with analyzing and responding to the risks by minimizing the probability or the consequences and severity of impact associated with certain risk events (Warrick and Ekwue 2014, 5). The risk management plan specified in PMBoK methodology specifically involves a series of activities or stages. These stages and processes are interrelated with each other and share a common knowledge area gathered from the business or phases of a specific project undertaken by a company (Wu and Olson 2015, 9). These processes and stages are discussed individually in the sections as follows:
3.1 Risk Identification
Risk identification process particularly deals with determining the potential risks that are likely to crop up or emerge and thereby affecting the outcomes and objectives of a particular project, or an organization’s business scopes and life cycle (Shah et al. 2013, 135). Risk identification is an iterative process, which needs to be carried out on a regular basis throughout the life cycle of a project or venture.
Risk identification involves a number of activities like brainstorming and expert judgments for figuring out the potential threats and risk events both internal as well as external. The risk identification plan incorporates three basic components (Nocco and Stulz 2012, 15). There are described underneath:
Inputs: Identifying risks involves distinguishing the causes and corresponding effects. For this purpose, it needs a number of inputs for processing. These may involve a thorough and detailed description of particular service or product along with the associated technology, costs and schedule impacts (Urbansky and Schock 2012, 94). Precisely, it necessitates the major knowledge areas such as the work breakdown structure or WBS, estimates of costs and durations, staffing plan, procurement management planning details and other relevant documents and information (McNeil, Frey and Embrechts 2015, 56).
Tools and techniques: As discussed previously, risk identification process is typically carried out with the help of a number of tools, techniques, methods and mechanisms that are applied by the risk manager or the project manager of a certain organization. Some of these most popular tools and techniques for identifying risks include:
- Checklists: Checklists are developed based on the possible and potential sources of risks. It typically takes into account the processes, outputs, technology issues, required skills, resources and other internal sources (McNeil 2013, 1).
- Brainstorming: Brainstorming is another method employed for identifying potential risks. It involves looking closely into all possible aspects of the operational processes and departmental sources from where risks can possibly occur and figuring out the sources and causes of each corresponding risk (Mandri-Perrott and Stiggers 2015, 19).
iii. Flowcharting: flowcharting is an effective tool to identify and document the causes and effects of risks by understanding them in a clear and concise manner (Lautze et al. 2014, 49).
- Interviewing: conducting risk oriented interviews can effective help identify risks by the sessions and planning activities with the stakeholders.
Outputs: Outputs of conducting risk identification process with the aid of the tools and techniques as specified above, clearly helps in obtaining a number of useful and relevant information (Peters et al. 2014, 299). These include the potential risk events along with their individual characteristics and nature, the symptoms of risks as well as all the possible sources of risks.
3.1.1 Types of Risks
Internal risks: The internal risks are mainly caused by factors and situations that arise from within an organization involving mainly the functions and operations. Internal risks can be better forecasted and thereby has greater chance for successful reduction and mitigation (Lam 2014, 106). Internal risk factors can be a number of components ranging from human resource factors, operational and organizational culture, and technological factors and so on. To be more precise, different nature and kinds of human factors are there that can potentially impose risk events for an organization. Some of these factors include strikes, employee mismanagement, conflicts, and dishonesty by staff members, ineffective leadership or weak management expertise (Kimbrough and Componation 2012, 23). Apart from that, technological factors include unexpected changes and modifications, unforeseen scope creeps, changes in distribution or delivery process for a company’s services offerings. In addition to that, examples of physical risk events include damage or loss of organizational assets. Internals risks can also include inadequate IT support, infrastructural problems, and electricity supply issues and so on (Jeppesen et al. 2015, 36).
External risks: External risks most commonly arise from factors and elements outside the organization. It may include economic factors. These risks are usually more difficult to forecast and companies face significant challenges in properly dealing with the external risks (Jaramillo et al. 2015, 88). Most common external factors that cause potential threats include natural factors, economic factors and political factors. Economic risks can be unforeseen changes in the market conditions and a result significant financial loss. Natural factors imposing potential risk involve natural disasters and likely natural phenomena, which disrupts and affects normal operations of a business or organization (Hrudey, Hrudey and Pollard 2012, 948). Apart from that, political risks consist of sudden changes in the political environment. To be more specific, factors and situations that are outside the control of a particular company and usually harder to predict and manage are external risks, which can be economic upheaval, sudden bankrupt condition of vendors, crimes, wars, and other likely events that somehow affects the company and its undertaken ventures and projects (Hoyt and Liebenberg 2011, 796). A critical instance of external risk can be a revolutionary government taking over a certain project.
3.2 Risk Quantification
Risk quantification deals with evaluation of risks and interacting with the associated events so as to project outcomes. The opportunities and threats identified in the previous phase if risk identification are specifically considered in order to develop a particular strategy for quantifying as well as prioritizing them (Jaramillo et al. 2015, 50). The inputs to the risk quantification process essentially involve stakeholder risk tolerances, activity duration estimates, potential risk events and their individual corresponding characteristics, cost estimates as well as the potential sources of risks.
The typical tools and techniques most commonly employed and adopted in enterprise organizations involve statistical sums, expert judgments, decision trees, simulation methods as well as expected monetary value (O'Donnell 2011, 178). Apart from that, as a result of performing the risk quantification process, several opportunities are obtained for the purpose of pursuing and responding to the threats as well as potentially ignore or accept certain circumstances.
3.3 Risk Analysis
The risk analysis process is significantly complex and requires a detailed and in-depth knowledge and idea about the identified risk events in the initial step (i.e. risk identification) of the risk management plan. The risk checklists or registers are utilized for the attempt of performing a specific type of risk analysis strategy (e.g. either qualitative or quantitative analysis) (Covello and Mumpower, 2012, 120). It is majorly important for considering this particular risk management phase in every stage of a project’s life cycle in order to be able to successfully manage the project. Performing an effective risk analysis involves assessing the roles and responsibilities, budget, categories of risk, stakeholder risk tolerances in order to define the probability and impact of each individual risk, prioritize the risks accordingly and ultimately carry out and develop the final version of the probability impact matrix.
3.3.1 Quantitative Risk Analysis
Quantitative risk analysis technique typically focuses on the aspects of structured interviews and information modeling strategies. In addition to that, it includes decision tree analysis (as discussed in risk quantification section) (Barton, Shenkir and Walker 2012, 52). Sensitivity analysis deals with determining the severity of each individual risk. Apart from that, Monte Carlo analysis, Tornado diagrams and expert judgments are popular quantification tools.
3.3.2 Qualitative Risk Analysis
Qualitative risk analysis involves a number of tools such as assessing risk probability and impact for identifying the exact likelihood that a particular risk event will occur (probability assessment) as well as the potential effect of that event on the objective and outcomes of a business venture or a project including its quality, budget, schedule and performance (impact assessment).
Based on these assessments, the accurate evaluation of each risk is performed and therefore, the risks can then be prioritized using the Probability Impact Matrix. Accordingly, the risks are grouped to individual categories based on the high and low priority risks by giving them relative ranking or scores (Urbansky and Schock 2012, 79).
3.4 Risk Response Development
Risk response development is concerned with determining the suitable methods and strategies for planning, controlling and responding to each individual risk. For this purpose, PMBoK defines a typical risk response development process involving several steps to deal with responding to potential threats as well as opportunities (Allan 2015, 123). There are usually most common three classifications/ categories of responses. These are thoroughly discussed in the section below:
Risk Avoidance: Avoiding risks refers to taking particular action or step for the purpose of eliminating the risk by means of reducing the probability and/ or impact.
Risk Transfer: Transferring risks deals with shifting a particular risk to a third party so as to enable smooth management by transferring the liability. It can be done by taking out insurance, establishing contracts and so on.
Risk Mitigation: Risk mitigation strategy concerns with taking earliest possible action for attempting to reduce the impact and probability of a certain risk that occurs (Banerjee 2016, 70). Risk mitigation is adopted when it is observed that taking early action to manage the risk will be significantly more effective rather than trying to reduce the after effects and consequences for handling the loss or damage.
Risk acceptance: risk acceptance strategy concerns itself with the process of accepting the consequences there are two basic forms of acceptance viz. active and passive such as establishing a contingency reserve with respect to money, time or resources.
- Contingency plans: These are predefined actions and steps that are to be undertaken when a particular risk event identified before has already been occurred (Hoyt and Liebenberg 2011, 820). Contingency plans are considered as one of the major and essential components of a risk management plan and are integrated with the overall planning of a project.
- Alternative strategies: It deals with preventing against certain risky situations by means of altering or changing a preplanned approach.
iii. Reserves: Reserves are referred to typical provisions in the plan for mitigating costs or schedule risk.
3.5 Risk Monitoring and Control
There a number of effective ways and strategies for controlling risks. It involves reassessment of risks, audits, risk variance and trends analysis, technical performance measurement, meetings and so on. The variety of tools and techniques employed for monitoring and controlling risks essentially involve workarounds, taking corrective actions as well as making sure to include adequate and appropriate updates to the risk management plan (Dickinson 2011, 365).
Therefore, risk response control is important and crucial as the part of risk management plan, as it effectively manages change as they occur and also properly quantifies, identifies takes corrective responsive strategies in an iterative manner (Kimbrough and Componation 2012, 20).
The controlling of risk may involve selective alternative strategies, implementing a contingency plan, taking the right action, and rescheduling the project. The owner of risk response should report time to time to the project manger and the risk TL (Team Leader) on the impact of the plan and other unanticipated impacts and any mid level course verification required mitigating the risk.
3.6 Practical Implementation of ERM and Risk Management plans
3.6.1 ERM implemented by Water and Sewerage Authority of Trinidad and Tobago
WASA has embraced far reaching concentrates on and is finishing an assessment of vulnerability and risks. This suggests courses of action are as of now in progress for misfortune occasions that can happen amid the tropical storm or stormy season period. ERM indicates the first step toward success (Abrams et al. 2012, 220). As the risk management’s improved standard is a progressive process, achieving it instantly is not possible (Quadri, Komal and Khalil 2015, 23). During the development process, the scope and the initiative process of the ERM are being developed by the organization. The benefit of the organization decides the initiative and the scope of the enterprise risk management, and also it get influenced by the requirements and expectations of distinct stakeholders in the organization (Barton, Shenkir and Walker 2012, 55). The Project Management Institute’s PMBoK (Project Management Body of Knowledge) suggests the best practices for developing an appropriate and effective enterprise Risk Management Plan (Lam 2014, 40).
3.6.2 Disaster Management plan implemented by Water and Sewerage Authority of Trinidad and Tobago
WASA’s disaster management is characterized as a scope of exercises intended to keep up control over debacle and crisis circumstances and to give a structure to encouraging at-danger organizations to maintain a strategic distance from or recuperate from the effect of the catastrophe (Sato et al. 2013, 11). Calamity readiness is a scope of exercises in building up crisis arrangements, clearing arranges, prepositioning supplies, open mindfulness and preparing go for planning groups for the onset of a catastrophe.
The disaster management cycle outlines the progressing procedure by which governments, organizations, and common society arrangement for and lessens the effect of fiascos, respond amid and promptly taking after a fiasco, and find a way to recoup after a disaster has happened.
ERM Maturity Levels
The ERM Committee of RIMS (Risk and Insurance Management Society) developed the ERM maturity model, realizing the need for ERM education and mechanism. The individual levels of maturity helps risk management practitioners, regulators and senior enterprise leaderships to evaluate the adequacy and efficiency of their organization’s unique Risk Management Program and thereby determine the areas of improvement.
The risk and governance professionals within their corresponding organizations consider the Risk Maturity Model for Enterprise Risk Management (Smith 2013, 61). RMM can be a useful tool for risk managers across all industry levels and sectors, from financial institutions to individual risk managers. The main purpose of the ERM Risk Maturity Model is to provide an effective means for improving the ERM practices by serving both as a benchmarking and as an educational tool.
ERM classifies the maturity model into five individual levels of maturity. Any organization, including the water industries, essentially needs to apply these programs in order to achieve each level of maturity (Chofreh et al. 2014, 141).
Explanation: The maturity achievement scores on the ERM maturity model range from one to five and incorporate total 25 competency drivers. An organization having a score of three or above indicates that it has a presence of repeatable and above risk-based Enterprise Risk Management (ERM) Program (Smith 2013, 23).
It can be concluded that enterprise risk management plan is essential in almost every organization, industry and every fields of business to make sure a certain venture or project does not fail due to specific unwanted situations and suffering from potential damage and loss. ERMP or Enterprise Risk Management Plan typically incorporates a detailed systematic and methodical approach, which in turn involves a series of interrelated activities and stages and processes that takes care of managing potential risks that may crop up in the life cycle of a project undertaken by a particular organization or business. An enterprise has to completely consider the effect of any considered change on the organization’s various business aspects. Identifying new water sources by WASA will be significantly effective instead of concentrating on the reduction of the leaks and breakages, because of the highly increasing demands for industrial water resulting from rapid growth and development in the industrial sector. To be more precise, adding new sources to the network to increase water supply can be an effective alternative solution for the time consuming and low return procedure associated with detection and reduction of leakages.
Abrams, Carl, Juerg Von Kanel, Samuel Muller, Birgit Pfitzmann, and Susanne Ruschka-Taylor. 2012. "Optimized enterprise risk management." IBM Systems Journal 46, no. 2: 219-234.
Allan, Richard. 2015. "The impact of regulation, ownership arrangements, and management culture on risk management practices within the water industry."
Antweiler, Werner. 2014. Elements of Environmental Management. University of Toronto Press.
Ballantyne, Ryan. 2013. "An Empirical Investigation into the Association between Enterprise Risk Management and Firm Financial Performance." PhD diss., Lawrence Technological University.
Banerjee, Bhabatosh. 2016. "Enterprise Risk Management." The MA Journal 51, no. 3: 66-72.
Barton, Thomas L., William G. Shenkir, and Paul L. Walker. 2012. Making enterprise risk management pay off. FT Press.
Baxter, Ryan, Jean C. Bedard, Rani Hoitash, and Ari Yezegel. 2013. "Enterprise risk management program quality: Determinants, value relevance, and the financial crisis." Contemporary Accounting Research 30, no. 4: 1264-1295.
Bromiley, Philip, Michael McShane, Anil Nair, and Elzotbek Rustambekov. 2015. "Enterprise risk management: Review, critique, and research directions."Long range planning 48, no. 4: 265-276.
Chofreh, Abdoulmohammad Gholamzadeh, Feybi Ariani Goni, Awaluddin Mohamed Shaharoun, Syuhaida Ismail, and JiÅ™í Jaromír Klemeš. 2014. "Sustainable enterprise resource planning: imperatives and research directions." Journal of Cleaner Production 71: 139-147.
Covello, Vincent T., and Jeryl Mumpower. 2012. "Risk analysis and risk management: an historical perspective." Risk analysis 5, no. 2: 103-120.
Dean, Jonathan ME, Fredericka Deare, Keizel Kydd, Jennie Ward-Robinson, and Paul R. Hunter. 2012. "Rainwater harvesting in rural Trinidad; a cross sectional, observational study." Journal of Water Sanitation and Hygiene for Development 2, no. 4: 241-249.
DeLoach, James W. 2012. Enterprise-wide risk management: strategies for linking risk and opportunity. Financial Times Prentice Hall.
Dickinson, Gerry. 2011. "Enterprise risk management: Its origins and conceptual foundation." The Geneva Papers on Risk and Insurance. Issues and Practice 26, no. 3: 360-366.