Risk Culture and Governance  -  Basic Training Materials Overview of “How To's”

Risk Identification and Prioritization  -  Gap Analysis Checklist & Instructions

Risk Appetite, Tolerances and Limits  -  Risk Assessment Framework Templates & Tools

Risk Management and Controls  -  Enterprise Risk Governance Team (ERGT) Charter

Risk Reporting and Communication  -  Report Templates & Instructions

Three value-added consulting hours with an ERM-ORSA expert


All the Documentation needed for an ORSA regulatory review of your existing ERM program.

ERM (Tracking) Checklist - Comprehensive spreadsheet helps track all elements of the ERM program implementation required by the ORSA Manual.

ERM Program Template - This program template helps organize all your documentation into an ERM program with appendices containing the ERM Tool Kit documents (and other Organization documents).

Description of Responsibilities - Chief Risk Officer or ERM Program Director and ERM Risk Analyst job descriptions document roles and responsibilities for these important risk functions.

Risk Management Policy - Ready to be branded with your corporate logo, incorporated into your Organization’s Code of Conduct and adopted by your Board of Directors.

Key Risk Indicator (KRI) Procedure - Key Risk Indicators are the core of your ERM monitoring and reporting function, and this procedure documents and defines your process.

Risk Incident Reporting Procedure - Risk Incidents allow for critical events to become part of your ERM process, and this procedure documents and defines an incident for your Organization.

Enterprise Risk Governance Team (ERGT) ORSA Agenda - This agenda gives your Team the necessary items to implement the ORSA Manual requirements.

Enterprise Risk Governance Team (ERGT) ORSA Goals - This list of goals gives your Team their leadership objectives for ERM/ORSA.

High Level Risk Assessment (HLRA) Documentation Form - Helps supplement the HLRA process from the ERM/ORSA Starter Kit and facilitate the risk documentation for each interview.

Program Procedures and Risk Rating Charts - This comprehensive procedure covers

  • governance & culture;
  • identification & prioritization;
  • risk appetite & tolerances;
  • management & controls; and,
  • reporting & communication.

Risk Culture and Governance – Governance structure that clearly defines and articulates roles, responsibilities and accountabilities; and a risk culture that supports accountability in risk-based decision making.  

Risk Identification and Prioritization – The risk identification and prioritization process is key to the organization. The responsibility for this activity is clear; the risk management function is responsible for ensuring that the process is appropriate and functioning properly at all organizational levels. 

Risk Appetite, Tolerances and Limits – A formal Risk Appetite Statement (RAS), and associated risk tolerances and limits, are foundational elements of risk management for an insurer; understanding of the RAS helps ensure alignment with risk strategy by the Board of Directors.

Risk Management and Controls – Managing risk is an ongoing ERM activity, operating at many levels within the organization. 

Risk Reporting and Communication – Provides key constituents with transparency into the risk-management processes, and facilitates active, informal decisions on risk-taking and management. 


This training will contain an extensive overview of the risk management process including how the Company can benefit from a holistic approach to risk governance, risk assessments, risk monitoring, and risk reporting. ORSA requires this framework and First Consulting can present customized training for company employees, risk committees, Boards of Directors by webinar or in-person sessions for delivery of workshop-style educational presentations.   First Consulting can also create educational presentations that can be delivered by your company risk management or compliance officers, if you prefer.


Risk Governance & Risk Committee – review existing governance structure, roles and responsibilities for CFO or ERM program director and risk committee and assure a holistic approach to risk management as required under ORSA. 

Gap Analysis – review existing ERM framework for gaps, document the gaps, address the gaps, and assist with filing the gaps.

Risk Assessment – assist with any or all types of risk assessments, such as a High Level Risk Assessment, a Comprehensive Risk Assessment, a Targeted Risk Assessment or a Risk & Control Self-Assessment.

Risk Prioritization and Controls – review existing company documentation to assist with prioritizing risks, offer mitigation strategies for controls, and offering other acceptable types of decisions such as risk avoidance, risk transfers, or risk acceptance.

Risk Appetite, Risk Tolerance and Risk Ranges – review existing risk appetite statement, risk tolerance and risk ranges, or assist with establishing these measures based on review of risk assessments and risk prioritization.

Risk Monitoring and Auditing – review existing risk monitoring reports and strategies including key risk indicators and incident reporting processes or assist with establishing these controls as needed based on the company’s ERM framework.

Senior Management Risk Reporting – review existing risk reports for holistic and transparent risk reporting as required under ORSA or help establish this process.

ERM Program Documentation – review existing documentation, policies and procedures for the entire ERM/ORSA program.  Provide assistance to draft these required documents, as appropriate.


Contact Us to learn more on how First Consulting can assist.