Enterprise Risk Management (ERM) module enables a systematic and detailed process to identify critical risks, measure potential impacts, and implement integrated risk management practices to maximize companies' economic values. The institutional risk management process, which is carried out in order to determine, measure and minimize the risk factors that may adversely affect the workability of an institution or an organization and the profitability of commercial establishments, can be managed in an effective way through this module, which is designed in accordance with international risk management standards
Economic and technological developments have brought about complex business structures, where many activities are carried out in a long period of time with a large number of people and hierarchical organizational arrangements are constantly evolving. This situation has made the operations of the enterprises unobservable by simple control methods. COSO (The Committee of Sponsoring Organizations), which consists of five independent professional organizations in the USA, led to the transformation of internal control environment, risk assessment, control activities, information, communication and monitoring into a standardized structure in enterprises. The COSO internal control model is structured around the effectiveness and efficiency of business activities, the reliability of financial reports, and compliance with applicable laws and regulations. Then, with the ISO 31000 Risk Management System Standard, the risk management standards have been determined. ISO 31000 Risk Management System Standard recommends organizations to develop a framework that aims to integrate the risk management process with all management, strategy and planning, management, reporting process, policies, values and culture of the company.
Enterprise Risk Management (ERM) module has been created in compliance with these standards.
There are four main risk groups in the Enterprise Risk Management module:
The following steps are taken to manage risks:
Companies determine their risks by taking internal audit processes into consideration. Appoints responsible and managers for the risks. Determines the risk measurement periods and how the measurement is carried out.
Risk control methods used:
When the risks defined in the module are run at specified times, the results are shown both graphically and as a report.
As the Enterprise Risk Management module is fully integrated into the system, it can use the information in any module of the system to measure risks.