The following list was published by James Lam in 2005 and sums up the top ten best practices and hallmarks of ERM:
1. Engaged senior management and board of directors that set “the tone from the top” and provide organizational support and resources.
2. Independent ERM function under the leadership of a chief risk officer (CRO), who reports directly to the CEO with a dotted line to the board.
3. Top-down governance structure with risk committees at the management and board levels, reinforced by internal and external audit.
4. Established ERM framework that incorporates all of the company’s key risks: strategic risk, business risk, operational risk, market risk and credit risk.
5. A risk-aware culture fostered by a common language, training and education, as well as risk-adjusted measures of success and incentives.
6. Written policies with specific risk limits and business boundaries, which collectively represent the risk appetite of the company.
7. An ERM dashboard technology and reporting capability that integrates key quantitative risk metrics and qualitative risk assessments.
8. Robust risk analytics to measure risk concentrations and interdependencies, such as scenario and simulation models.
9. Integration of ERM in strategic planning, business processes and performance measurement.
10. Optimization of the company’s risk-adjusted profitability via risk-based product pricing, capital management and risk-transfer strategies.