Reference no: EM132387568
If I were the ERM consultant for Intuit, I would recommend Risk Score Card to re-implement their ERM. Intuit as a company focusses more on their strategic plans and they consider ERM to be part of any individual or teams associated with the company. ERM is an authority by which a company in an industry gains access, controls, exploits, and monitors risks from all avenues with the intention to increase the firm's long and short-term value for its stakeholders (Saeidia, Saeidia, Sofiana, Saeidib, Nilashic, Mardania, 2019). Considering their organizational structure, strategic goals, culture and management I believe that developing their ERM program with Risk Score card will be useful to the organization. Risk score card is developed with strategy as a focus element thus it fits well with the requirement for Intuit. To develop ERM program with Risk score card we need to fulfill following requirements:
Identifying goals, vision and strategy of the organization
Identifying the major risk elements throughout the organization
Scoring the risks with respect to the objectives
Measuring the impact of the risk with respect to strategic objectives
Measuring impact on the performance due to risks with respect to strategic objectives
Identifying the key indicators of the risk so as to avoid it in the future
Determining the follow up action steps to mitigate the risk
With this ERM approach we can achieve a lot of key factors including risk assessment, risk measurement, risk identification, risk culture, impact of risks on various strategies, risk reporting, enterprise risk management process etc.
2. The management of Intuit wishes to implement a new ERM approach. The firm has discovered that it has to start over and guarantee its stakeholders of improved performance (Fraser, Simkins, Narvaez, 2015). I will assist the firm to implement the most efficient approach that suits its activities. My organization notes that it can apply the PM2 scorecard to ensure that it identifies the challenges that affected its previous model. The approach utilizes five stages to undertake the ERM process (Fraser et al. 2015). Moreover, it has the opportunity to determine whether the ISO 31000, which is highly conventional.
I prefer that Intuit employs the ISO 31000 ERM model since it has more benefits than the PM2 Scorecard. The scorecard will necessitate the firm to follow a distinct process to perform the risk assessment process (Fraser et al. 2015). It will also require prior knowledge regarding the impacts and likelihood of risks. However, Intuit lacks reliable records to offer such information. The formula used in the scorecard are also unreliable (Fraser et al. 2015). The presence of confounding variables can enlarge a risk score and lower the efficiency of the risk mitigation process.
The ISO 31000 suits Intuit because it is easy to implement. The firm will only install the required applications and execute the risk assessment process (Fraser et al. 2015). Moreover, the programs can be accessed easily. Therefore, the risk mitigation process is highly straightforward. The process does not require scoring of the risks before determining the most critical. The employees will only carry out the risk identification process (Fraser et al. 2015). The duplication associated with the scorecard makes it highly impractical.
3. Previous reports show that performance measurement at Intuit's ERM program hasimproved over the years. As this program matures over time, increasing its complexity andvalue, performance measures and reporting likewise evolve. In particular, the approach to thisperformance measure has been updated to keep its relevance and flexibility with respect to theorganization's risk level and management maturity. Intuit's ERM program, like many othercompanies' programs, includes an annual risk assessment that provides an enterprise-wideunderstanding of critical risks (Orenstein, 2015). This creates a more focused culture for anorganization and a profound perspective on risk.
For Intuit to re-implement a new ERM program, it needs to get the fundamentals right toestablish an ERM framework and an implementation plan. A comparison of the two models froma source CAN/CSA-ISO 31000, Risk management -Principles and Guidelines, International Standards Organizations/ Canadian Standards Association (2009) shows that ISO 31000 is muchsimpler to implement compared to the complexity of pm 2 risk scorecard (Fraser, Simkins, &Narvaez, 2014). Edmonton Police Service(EPS) presented the ERM process based on ISO 31000framework and EPS have for five years, evolved a mature ERM process based on in-depthperformance measurement tools to identify and treat its risks.In a nutshell, it is thus recommended to re-implement Intuit's ERM using the ISO 31000method due to its flexibility as opposed to the pm 2 risk scorecard's difficulty in the mitigationprocess.