Enterprise Risk Management Program Evaluation Success Story

A large bank requested our expertise to determine whether its ERM program was robust enough, and able, to meet the evolving needs of the organization as well as regulatory expectations.

Business Issue 

A Bank providing a broad range of business, commercial and personal banking products and services to small and middle-market businesses, public entities and affluent individuals sought a partner to perform an independent evaluation of its ERM program. The evaluation was to focus on the program's KRIs and Risk Rating Parameters, to determine their robustness and the program's ability to meet the evolving needs of the organization as well as regulatory expectations.


Jefferson Wells conducted an evaluation of the Client’s risk categories for alignment with current regulatory guidance and verified the program clearly demonstrated the Client’s risk-based approach for continuous monitoring and reporting of risk tolerances to the ERM Committee and Executive Management. 

Jefferson Wells also verified that processes were in place for developing KRIs and the related Risks & Controls to mitigate the associated risks. We evaluated whether the underlying metrics were developed in a consistent and structured manner and were appropriately aligned with the Bank’s core activities, including internal policies and procedures, and whether core system reports were utilized to substantiate the quantitative data elements related to the KRIs. Jefferson Wells also evaluated whether the qualitative data elements were supported by documented risk assessment matrices that reinforced management’s qualified opinions on current market conditions, business events and recent regulatory examinations that contributed to the Bank’s reported risk scores. We performed an analysis to determine whether there was adequate support for the quantitative & qualitative aspects of data related to compliance, cyber-security, reputational and strategic risks.

The Client’s ERM Program was integrated with a third-party vendor Software Program that produced risk reports on the Client’s overall risk profile. These reports were also evaluated to determine their robustness and usefulness in supporting the ERM governance process.

To provide the Client with a benchmark of how they were doing relative to companies of similar size and industry, Jefferson Wells conducted a peer analysis targeting key details of the peer companies’ ERM Programs, which were consistent with what Jefferson Wells had observed at most other similarly sized organizations.


Jefferson Wells evaluated the Client’s inventory of KRIs and observed that all the risk indicators explicitly described the relationships of the specific risks representing those exposures as they relate to the inventory of risks and controls associated with the KRIs. We determined that the composition of the KRIs was aligned with industry standard risk tolerances and applied metrics. We concluded that the configuration of the KRIs and Risk Rating Parameters contained standard baseline measurements that were ‘on par’ with current regulatory guidance & expectations.

Our assessment of the KRIs, Risks and Controls warehoused in the Client’s ERM Software Program revealed that the metrics were appropriately updated in response to changes in the Client’s policies and procedures and to the annual ERM self-assessments performed by department heads to validate the Client’s current risk tolerance and risk profile. The Risk Rating Parameters that were developed to calculate the risk scores comprised standard levels which are regarded as best practice and are commonly utilized as standard baseline measurements that promote meaningful comparison of risk scores among peer Clients within the financial services industry.

Jefferson Wells concluded that the Client had an established ERM Program that embraced the principal components of a complete risk oversight framework which contained appropriate risk measurements and risk tolerances developed in accordance with current regulatory guidance. Our review also identified process improvement opportunities related to the third-party ERM Software Program for management’s consideration.