ISO 31000 provides a robust framework for enterprise risk management that can be applied to organizations of any size or sector. It increases the likelihood of achieving risk management objectives and improving identification of opportunities and threats. For Intuit, ISO 31000 is recommended over PM2 Risk Scorecard because it meets Intuit's needs for flexibility, rigorous risk assessment, and alignment with strategic goals through continuous measurement of key performance indicators.
ISO 31000 ERM Framework for Intuit
1. (Mt) – I need response to the discussion post in 200 words
Discussion post 1 (Devi Reddy)

An ERM strategy necessitates an inclusive implementation as well as continuous checking to be an effective tactic for an organization. So, as an ERM consultant, I would recommend ISO 31000. For ISO 31000, there are three key steps I advise them to follow in delivering the risk management plan, that is, implement, assess, and improve. I greatly recommend it because organizations can use it without thinking about their sector, activity, or size (Fraser, Simkins, & Narvaez, 2014). The ISO 31000 based ERM Guidelines offer a framework, principles, and a procedure for handling risk. Implementing ISO 31000 can aid organizations to improve the possibility of attaining goals as well as progress the verification of threats and opportunities. Also, ISO 31000 effectively uses and allocates resources for risk management. Though ISO 31000 delivers direction for external or internal audit programs, it cannot be performed for certification objectives. Once it is implemented in an organization, they can match their risk management practices with an internationally recognized standard by delivering thorough principles for corporate governance and effective management (Lalonde & Boiral, 2012). ISO 31000 offers vital information for boards so that they can express and accomplish their risk error accountabilities (Shad & Lai, 2015). These attentions comprise culture and governance strategy as well as revision and review of training to enhance the organizational performance.

References

Fraser, J., Simkins, B., & Narvaez, K. (2014). Implementing Enterprise Risk Management: Case Studies and Best Practices. In Business & Economics (p. 688). John Wiley & Sons.
Lalonde, C., & Boiral, O. (2012). Managing risks through ISO 31000: A critical analysis. Risk Management, 14(4), 272-300. doi:10.1057/rm.2012.9
Shad, M. K., & Lai, F.-W. (2015). A Conceptual Framework for Enterprise Risk Management Performance Measure Through Economic Value Added. Global Business and Management Research: An International Journal, 7(2), 1-11. Retrieved from https://pdfs.semanticscholar.org/916d/dc036dcf1e0760e42fac625f3ec782d783bb.pdf

Discussion 2 (palalkurla)

The first thing to keep in mind is that Intuit is a performance-oriented organization with all the desire to reach higher-end goals. So Intuit needs an Enterprise Risk Management (ERM) process which will be more powerful rather than simple and standard. Including risk management as a mandatory process for leaders is a good idea to analyze strategic objectives. By including risk management in leadership, decision making can be done based on the risk assessment, and the growth strategies can be planned accordingly. I promote this idea of Intuit while recommending a new ERM process. The ISO 31000 might be easy to implement and might have global standards, but I will recommend PM2 Risk Scorecard for Intuit. Risks at all costs need to be reduced to achieve desired results. The process of mitigation might be hard with PM2 Risk Scorecard, but comes with a successful outcome. Risks come at all levels. It’s important to know the priority of risk while dealing with risk management. Some risks may wait but some might not. We cannot stop high priority risks while dealing with a low priority one. ISO 31000 is not providing the option to rank risks whereas PM2 Risk Scorecard is. To increase the stakeholder value, Intuit should aim at reaching Risk Leadership, which is clearly not possible with ISO 31000. The PM2 Risk Scorecard ERM process allows you to embed the risk management to strategic decision making.

Discussion 3 (Levec)

Introduction

The ISO 31000:2018 Guidelines provide
organizations with the necessary principles, framework and processes with which to
effectively implement a risk management agenda. It is formulated to be sector-agnostic; it
can be used by any organization regardless of its “size, activity or sector”. It increases the
likelihood of organizations achieving their risk management objectives; improves their
identification of threats, as well as opportunities, while guiding them towards the right
resources for effective enterprise risk management. It also provides sound principles for
effective management and corporate governance, letting organizations compare their risk
management practices against an internationally recognized benchmark (ISO 31000, 2018).
This discussion identifies the opportunities in ISO 31000 as opposed to PM², and takes a
look at the current ERM model implemented by Intuit to be able to effectively recommend a
sound ERM re-implementation.

Intuit’s current ERM approach

At Intuit, the current basis for their ERM program lies in the added value that is generated by a continuous performance measuring process. Intuit centers its ERM on the following principles:

• Instituting a common and singular risk management framework across the enterprise
• Continuous and on-going assessment of risks
• Targeting the risks that present themselves as the most significant to the disruption of their business model and strategy
• The clear and concise definition, ownership and accountability for risks
• And most importantly, both qualitative and quantitative performance measurements and monitoring are embedded into the entire process through the use of Key Performance Indicators (KPIs). These measurements stem from tangible, flexible, standardized and objectively focused performance outcomes.

Recommendation

As an ERM consultant looking to overhaul and re-implement Intuit’s ERM, and because Intuit’s current ERM approach has been largely
successful, making a choice between PM² and ISO 31000 will require looking at the core
principles of the current approach and determining what the organization considers the
most important aspects for adding value to their organization through ERM. From the
readings of Chapter 12, the following important aspects stand out:

• Risk management is the responsibility of everyone in the organization.
• It is a core business competency and the ability to measure performance to determine that competency levels are met for ERM is very important.
• Intuit demands an ERM approach that is flexible, but also rigorous in assessing and responding to risks in a timely manner.
• While focusing on significant risks that have a high priority, they would also love to accelerate progress that thinks ahead of time in relation to emerging risks so as to be certain that the program aligns with their overall strategic long term goals.
• While ERM is viewed as an integral part of their operating model, Intuit will also love to improve enterprise-wide risk awareness, monitoring and management.

From these basic principles of what Intuit currently implements and where
they would want to see themselves go, I would highly recommend ISO 31000.
ISO 31000:2018 specifically meets all the demands for the ability to handle emerging risks
within the overall growth of the company. Here is why. While PM² Risk Scorecard presents
a powerful tool of programs and initiatives for an ERM implementation, it is hardly
complete in itself, in providing a robust ERM framework for Intuit. It is a program that
would need to be implemented as part of a larger process. It is also highly complex, and
reviewing some of the values and goals of Intuit which include the ability for all employees
and stakeholders to be able to understand, take initiative and ownership of risks, this model
seems to fall short of providing that. The complexities involved cannot be handled by junior
staff or individuals with limited training. The mitigation processes for PM² Risk Scorecard
model are also difficult to implement without an intensive and rigorous training, hence,
making the model non-flexible and inconsistent with Intuit’s values. I recommend
ISO 31000 because, unlike PM² Risk Scorecard, it provides a robust global standard for ERM
that is easy to implement irrespective of the size and activity of the organization. It provides
guidelines and standards that are globally tested against similar organizational structures
and processes. It is important as a consultant to advise on implementing a framework that
fits into the overall processes of the organization and what the organization believes adds
value to its business strategy. ISO 31000 will provide a consistent risk management method
across all areas of operations, projects, strategy and long term objectives while adhering to
Intuit’s goal of continuous measurements of Key Performance Indicators and thereby
provide the “most efficient and effective means of ensuring that the measures of success can
be achieved” (Fraser, Simkins & Narvaez, 2015).

References

Fraser, J., Simkins, B., Narvaez, K. (2015). Implementing enterprise risk management: Case studies and best practices. John Wiley & Sons.
ISO 31000. (2018). Retrieved from https://www.iso.org/standard/65694.html