Risk management cost efficiency ratio
This measure calculates the ratio of costs associated with risk management activities to the financial benefits achieved through those activities. This Cost Effectiveness measure is intended to help companies understand the cost expenditure related to the function "Manage Enterprise Risk, Compliance, and Resiliency".
Benchmark Data
Measure Category:
Cost Effectiveness
Measure ID:
110872
Total Sample Size:
2,474 All Companies
Performers:
| 25th | Median | 75th |
|---|---|---|
| - | 1.2% | - |
Key Performance Indicator:
No
Units for this measure are percent.
Key Terms
There are no key terms associated with this measure.
Measure Scope
Cross Industry (8.0)
- 11.1 - Manage enterprise risk (17060) - Creating requisite frameworks and coordinating all risk management activities for the entire organization and each function. Manage the enterprise risk by outlining the risk policies and procedures. Monitor and communicate all risk management activities. Encourage correspondence among the business units. Manage the risk of all business units and functions.
- 11.1.1 - Establish the enterprise risk framework and policies (16439) - Creating an agenda for the rules and regulations of enterprise risk that deal with hazardous, financial, operational, and strategic risks. This is inclusive of all forms of new and evolving technology such as artificial intelligence (AI).
- 11.1.1.1 - Determine risk tolerance for organization (16440) - Recognizing the organization's tolerance for risk, given risk-return trade-offs for one or more anticipated and predictable consequences.
- 11.1.1.2 - Develop and maintain enterprise risk policies and procedures (16441) - Establishing and maintaining the policies and procedures for managing risk. Create rules and regulations for enterprise risk dealing with hazardous, financial, operational, and strategic risks.
- 11.1.1.3 - Identify and implement enterprise risk management tools (16442) - Recognizing and implementing tools for managing risk. Identify and apply enterprise risk management tools. Leverage methods and processes to manage risks and opportunities associated with business objectives.
- 11.1.1.4 - Coordinate the sharing of risk knowledge across the organization (16443) - Communicating the knowledge about risk within the organization. Identify operational risks. Share risk information within the organization.
- 11.1.1.5 - Prepare and report enterprise risk to executive management and board (16444) - Preparing and presenting reports about enterprise risk to the management of the organization. Create reports for management on hazard risks (e.g., property damage and liability torts), financial risks (e.g., currency and liquidity risks), and operational risks (e.g., product failure, customer satisfaction, social trends, and competition).
- 11.1.2 - Oversee and coordinate enterprise risk management activities (16445) - Coordinating to plan, organize, lead, and control the activities of an organization in order to minimize the special effects of risk on capital and earnings.
- 11.1.2.1 - Identify enterprise level risks (16446) - Determining risks that could thwart objectives, including crises that may impact customer service such as data breaches or significant product issues. Document and communicate the concern.
- 11.1.2.2 - Assess risks to determine which to mitigate (16447) - Identifying options/actions to enhance opportunities and reduce threats. Recognize the root reasons of the identified risks.
- 11.1.2.3 - Develop risk mitigation and management strategy and integrate with existing performance management processes (16448) - Developing activities to improve opportunities and lessen threats. Specify the organization's objectives. Evolve strategies and policies to attain these objectives. Assign resources to project objectives.
- 11.1.2.4 - Verify business unit and functional risk mitigation plans are implemented (16449) - Checking that the blueprint created for managing risk in individual business units and divisions is correctly effectuated. Validate the implementation of all activities geared to mitigate risks.
- 11.1.2.5 - Ensure risks and risk mitigation actions are monitored (16450) - Ensuring risk monitoring and mitigation activities. Monitor actions to enhance opportunities and reduce threats to project objectives.
- 11.1.2.6 - Report on enterprise risk activities (16451) - Creating a report of activities to address hazard risks, liability torts, financial risks, operational risks, social trends, competition, etc.
- 11.1.2.7 - Coordinate business unit and functional risk management activities (16452) - Coordinating risk management activities to improve opportunities and lessen threats. Specify the organization's objectives. Assign resources to project objectives.
- 11.1.2.8 - Ensure that each business unit/function follows the enterprise risk management process (16453) - Checking each business unit's/function's options and activities to improve opportunities and lessen threats.
- 11.1.2.9 - Ensure that each business unit/function follows the enterprise risk reporting process (16454) - Checking the reporting process of each business unit's/function's options and activities to improve opportunities and lessen threats.
- 11.1.3 - Manage business unit and function risk (17462) - Analyzing the threats a business unit/function faces to prioritize the controls it implements.
- 11.1.3.1 - Identify risks (16456) - Developing a timely and continuous process to identify activities that might hinder a project's goals.
- 11.1.3.2 - Assess risks using enterprise risk framework policies and procedures (16457) - Determining the possibility that a specified undesirable event will occur using established tools, implements, and frameworks. Use risk assessments to determine, for example, whether to undertake a particular venture, what rate of return a particular investment requires, and how to mitigate an activity's potential losses.
- 11.1.3.3 - Develop mitigation plans for risks (16458) - Developing possibilities and arrangements to improve opportunities and reduce deviations to project objectives.
- 11.1.3.3.1 - Assess adequacy of insurance coverage (18129) - Evaluating the changing needs for insurance coverage. Research available insurance providers and offerings.
- 11.1.3.4 - Implement mitigation plans for risks (16459) - Executing mitigation plans to improve opportunities and reduce deviations to project objectives.
- 11.1.3.5 - Monitor risks (16460) - Identifying, examining, and recognizing/justifying any improbability in investment decision making.
- 11.1.3.6 - Analyze risk activities and update plans (16461) - Examining the impact of risk activities in order to update the existing scheme of risk management. Analyze and substantiate the potential for adverse consequences to occur. Consider the risks associated with the activity and the methods available to manage those risks.
- 11.1.3.7 - Report on risk activities (16462) - Creating reports on risk activities, and communicating them to management. Prepare reports on the potential for adverse safety consequences.
- 11.2 - Manage compliance (17467) - Managing steps to confirm enduring compliance to industry regulations and government legislation.
- 11.2.1 - Establish compliance framework and policies (17468) - Developing a set of procedures detailing an organization's progress in complying with established guidelines, provisions, and legislation.
- 11.2.1.1 - Develop enterprise compliance policies and procedures (17469) - Creating a standardized approach to ethics and compliance. Have a programmatic approach for compliance that focuses on the definite risks the organization faces.
- 11.2.1.2 - Implement enterprise compliance activities (17470) - Implementing a standardized approach for ethics and compliance. Have a programmatic approach, built from the top down, to enterprise compliance that focuses on the definite risks the organization faces.
- 11.2.1.3 - Manage internal audits (14133) - Managing accounts and preparing regular reports on financial performance.
- 11.2.1.4 - Maintain controls-related technologies and tools (14137) - Managing technologies and tools related to the confidentiality, integrity, and availability of data in order to ensure the security of the organization's information. This is inclusive of all forms of new and evolving technology such as artificial intelligence (AI).
- 11.2.2 - Manage regulatory compliance (16463) - Obeying laws, guidelines, strategies, and stipulations related to the business.
- 11.2.2.1 - Develop regulatory compliance procedures (16464) - Developing procedures and methodologies to comply with relevant laws and regulations of an organization's obedience to laws, guidelines, strategies and stipulations related to business.
- 11.2.2.2 - Identify applicable regulatory requirements (16465) - Determining the regulatory requirements that are most appropriate for the organization. Identify goals in order to follow the appropriate rules and regulations, guidelines, and strategies.
- 11.2.2.3 - Monitor the regulatory environment for changing or emerging regulations (16466) - Analyzing and overseeing the regulatory environment in order to spot any changing or emerging regulations. This process element calls upon the organization to monitor the regulatory environment for any new statutes, policies, and enactments issued by the respective government authorities or those which have been updated.
- 11.2.2.4 - Assess current compliance position and identify weaknesses or shortfalls therein (16467) - Evaluating current regulatory policies and regulations. Assess their performance. Make necessary changes.
- 11.2.2.5 - Implement missing or stronger regulatory compliance controls and policies (16468) - Assessing the current policies and policies. Implement missing and necessary changes environmental changes, political changes, technological changes, etc.
- 11.2.2.6 - Monitor and test regulatory compliance position and existing controls (16469) - Monitoring, appraising, and evaluating the compliance position of the organization in order to fine-tune for effective remediation. Track efforts for handling regulatory and compliance requirements necessitated by law. Test the robustness of internal frameworks, procedures, and approaches for dealing with these requirements, in order to clearly identify any necessary changes.
- 11.2.2.7 - Compile and communicate compliance scorecard(s) (19595) - Creating a graphical representation of metrics in order to communicate the general health of the organization in relation to risk and compliancy.
- 11.2.2.8 - Compile and communicate internal and regulatory compliance reports (19596) - Submitting compliance reports to regulatory agencies. These reports can be made to environmental, securities, or human resources agencies as stipulated by the local governing body.
- 11.2.2.9 - Maintain relationships with regulators as appropriate (16470) - Developing and preserving relationships with the regulators, without compromising the legal basis of the relationship.
- 11.3 - Manage remediation efforts (11185) - Administering the efforts and activities for remediation. This process element requires the organization to create plans for corrective action in collaboration with government agencies and pertinent professional services agencies which specialize in remediation efforts relevant to the organization's operations. Additionally, the organization needs to consult experts to validate the plan, determine resources allocation, resolve any legal concerns, and formulate a company-wide policy for remediation.
- 11.3.1 - Create remediation plans (11201) - Creating plans for remediation efforts. Make a plan to address a case of environmental adulteration. Identify and treat the adulteration so that the area will become operational again.
- 11.3.2 - Contact and confer with experts (11202) - Discussing and soliciting advice from experts in order to incorporate their suggestions (regarding Create remediation plans [11201]).
- 11.3.3 - Identify/Dedicate resources (11203) - Identifying and dedicating the resources for managing remediation efforts. Discern the resources needed for remediation efforts. Dispense with resources in a sound and well-reasoned manner.
- 11.3.4 - Investigate legal aspects (11204) - Examining regulatory and legislative frameworks. Obligate the organization to remediate any damages through compensations, fines, and any other remedial efforts necessitated to correct the situations. Analyze local environmental laws, binding international covenants, etc. in order to examine legal accuracy about the rules and procedures.
- 11.3.5 - Investigate damage cause (11205) - Studying the causes of damage, which could be environmental, physical, social, etc. at country level in order to institute better policies and regulations.
- 11.3.6 - Amend or create policy (11206) - Crafting a new framework of policies and procedures for deploying remediation efforts, or changing existing policies and procedures. Adapt the policy structure to the context of the apposite national and international regulatory frameworks.
- 11.4 - Manage business resiliency (11216) - Including the processes required to rapidly adapt and respond to any internal or external opportunity, demand, disruption, or threat. Develop a more dynamic, strategic, and integrated approach to managing compliance obligations.
- 11.4.1 - Develop the business resilience strategy (11221) - Creating a strategy for rapidly adapting to disturbances. Maintain continuous business processes and protect employees, assets, and overall brand equity. This is inclusive of all forms of new and evolving technology such as artificial intelligence (AI).
- 11.4.2 - Perform continuous business operations planning (11222) - Developing plans to ensure continuous business operations.
- 11.4.3 - Test continuous business operations (11223) - Assessing ongoing activities within the organization that are not intended to stop except for in an emergency.
- 11.4.4 - Maintain continuous business operations (11224) - Evaluating business operations. Determine which activities generate revenues, perform best, and provide good returns.
- 11.4.5 - Share knowledge of specific risks across other parts of the organization (16471) - Sharing information about risks and resilience strategies of business operations across the organization so that prospective risks can be avoided.