Articles

  • Using Collaboration Risk Management to Recognize Emerging Risks

    March 01, 2013

    PricewaterhouseCooper recently published a research paper on systemic risk trends. The authors of the paper shed light on the many issues related to the risk mitigation capabilities of businesses for minimizing the effect of systemic, or emerging, risk. As a result, they also found the similarities of strategies that successful companies use to thrive through major adverse events. The authors proffer that companies must integrate emerging risk management strategies into overall business strategies as well as considering collaborating with important partners to share risk information. The more companies anticipate and allocate resources to mitigating emerging risks, the better position they will be to capitalize on emerging upside risk.

  • Strengthening the Role of the Chief Risk Officer in an Organization

    February 13, 2013

    The role of chief risk officer (CRO) has been put under a microscope to understand methods and key success factors that can enhance the role. Organizations now, more than ever before, are appointing CROs to improve their risk function and better manage potential risks that could impede their strategy. To achieve that, the CRO must be placed in a position that is fundamental as well as instrumental in the decision-making and strategy-setting process. A recent Protiviti white paper provides six key critical success factors that organizations should be aware of and promote to ensure that their organization is in a better risk management position than in the past.

  • Top Risks on Horizon for 2013

    February 13, 2013

    The top risks that corporate leaders see on the horizon for the coming year include the effect that regulatory changes combined with heightened regulatory scrutiny will have on product and service offerings, global economic conditions that are significantly limiting growth potential, and an unstable political climate in different markets worldwide, according to Executive Perspectives on Top Risks for 2013, a report and survey findings from global consulting firm Protiviti (www.protiviti.com) and the Enterprise Risk Management (ERM) Initiative at North Carolina State University’s Poole College of Management.

  • Q & A: Controlling Spreadsheet Risk

    January 10, 2013

    Spreadsheets are widely used in today’s business environment, and rightly so – they provide users with a powerful, flexible solution for getting things done. However, there is a difficult truth about spreadsheets: as they become more prevalent and more complex in their functionality, spreadsheets can generate significant risks for any organization if not properly managed. This publication from Protiviti Inc. delves into the topic of spreadsheet risk with answers to over fifty frequently asked questions about spreadsheets. Collectively, these answers provide guidance for evaluating and controlling spreadsheet risk.

  • Overview of World Economic Forum’s Recent Worldwide Risk Assessment

    January 08, 2013

    This recently published report from the World Economic Forum presents the results of the Forum’s annual “Global Risks Perception Survey.” The survey asked respondents to assess 50 risks along scales of likelihood and impact. Each respondent was also asked to consider the interconnectedness of the 50 risks and to evaluate their country’s ability to handle the impact of the risks. The survey was administered in late 2012, and received over 1,000 responses from professionals and subject-matter experts residing in more than 100 countries around the world. With this report, the World Economic Forum seeks to spread information about the risks impacting everyone around the globe and to improve decision-making and risk-awareness across all professions and walks of life.

  • Making the Connection Between Strategy-setting and Risk

    December 21, 2012

    Organizations invest a great deal of effort in developing and executing their business strategies. Even so, winning business models are all-too-often subject to catastrophic failures in the blink of an eye. Didn’t these companies see trouble coming? The answer: probably not, but only because executive managers did not think hard enough about risk during the strategy-setting process. This white paper from Protiviti Inc. explores the concept of strategic risk and provides an approach for incorporating risk assessment into the process of strategy-setting. By combining these processes, managers will be better equipped to make decisions for their organizations now and in the unknown future.

  • Managing Disruptions by Bifurcation

    December 01, 2012

    Proactively managing risks gives managers viable strategies when opportunities or threats emerge. However, even the most proactive companies experience an event or events that require reactions from management. At times, this process involves reinventing the company’s business model while divesting or disowning what made it successful. The authors of a recent Harvard Business Review paper argue that companies can diversify risk and capitalize on disruptions by bifurcating their strategies: a market-adaptive model that repositions its legacy business while also developing a new growth model that is forward-looking. Even though the strategies are divergent, companies should manage them in such a way that they share resources to create synergies in what the authors call “capabilities exchange”.

  • SunGard Survey: How Are Companies Managing Financial Risk?

    December 01, 2012

    This white paper presents the results of a recent study conducted by SunGard, a global provider of technology-related services and solutions. The purpose of the study was to gain an understanding of how companies are currently managing financial risk. To achieve this, SunGard solicited information from over 200 treasury professionals working in companies across a broad range of revenue levels, industries, and geographic locations. These professionals responded to a series of questions addressing various aspects of the risk management process. Respondents were also asked to evaluate the effectiveness of their organizations’ strategies for managing financial risk. The report finds that there is significant room for growth along the risk management curve as it relates to financial risk oversight.

  • Managing the Risk of Disruptive Innovation

    December 01, 2012

    Organizations often find themselves surprised by a competitor’s announcement of a new innovation. Such announcements can be hugely disruptive, and they hit the competitive environment in many forms, such as a new revolutionary business model, a completely new technology, or a new spin on an existing product or service. A December 2012 article in Harvard Business Review discusses the threat of disruptive innovation. A new product offering or a novel business model from a competitor is enough to upend any existing business and change the face of a particular market indefinitely. However, organizations can manage the risk of disruptive innovations by being proactive in regards to evaluating their own business models and those of competitors. In this HBR article, Wessel and Christensen present their approach for assessing and strategically managing the risk of disruption.

  • S&P’s Management and Governance Rating Criteria - 2012

    November 13, 2012

    NEW YORK (Standard & Poor's) Nov. 13, 2012--Standard & Poor's Ratings Services today published its criteria for evaluating enterprises' management and governance credit factors in an article titled "Methodology: Management And Governance Credit Factors For Corporate Entities And Insurers." (See also "How We Use Management And Governance Credit Factors," published today.)

  • Overview of Key Take-Aways from Fall 2012 ERM Roundtable Summit

    November 02, 2012

    Summary of NC State University’s ERM Initiative Fall 2012 ERM Roundtable Summit in Raleigh, NC on November 2, 2012.

  • Internal Audit’s Role in Risk Management

    October 02, 2012

    Michael Somich, Executive Director of Internal Audit at Duke University, discusses with Dr. Mark Beasley his views about the role internal audit should play within an organization’s ERM process. He shares insights from his experiences of leading the launch of the ERM initiative at Duke University while also serving as the general audit executive.

  • The Future of ERM

    October 02, 2012

    Steve Dryer, Managing Director and Practice Leader at Standard & Poors, speaks to whether he thinks Enterprise Risk Management is just another consultant’s fad or if it will be an enduring process and way of thinking. He states that he believes though the name may eventually fade away, the underlying concepts that make up ERM will survive through the test of time. Mr. Dryer expects that ERM will slowly evolve with best-practices surviving the test of time. He also expects S&P to catch some heat for evaluating such a “soft” part of a company as opposed to its traditional “hard numbers” based approach to examining companies. However, he states this is an important part of their evaluations.

  • Chief Risk Officer vs. Risk Committees

    October 02, 2012

    A major stumbling block companies run into when beginning their ERM journey is whether to have one risk champion (CRO) or have a committee that handles risk oversight. Paul Zavolta, Director of ERM at Alpha Natural Resources, tells how Alpha Natural Resources uses both and discusses the importance of having individuals in risk leadership positions who possess strong people skills in addition to their technical expertise. He also goes into how he wishes he had risk management education as a college student and how that would have helped him throughout his career.

  • Engaging Business Unit Leaders in Discussing Enterprise Risks

    October 02, 2012

    Paul Zavolta, Director of ERM at Alpha Natural Resources, provides an overview of how ERM is treated at Alpha Natural Resources. He speaks of how he feels the company’s top-down and bottom-up approach has been most effective in assessing all risks to the company, whether they be faced by people at the top or bottom of the organization. He also speaks to the day-long workshops that Alpha does to ensure that risk is talked about among all aspects of the business.

  • Role of Senior Executives in Leading Risk Oversight

    October 02, 2012

    Michael Somich, Executive Director of Internal Audit at Duke University, discusses how having the President of Duke University "walk the walk and talk the talk" regarding ERM is essential element of the success of ERM at Duke. He states how the ERM process is maturing and he shares insights as to factors that have contributed to the ongoing embrace of ERM at Duke. He offers his views about the detrimental impact on ERM when an organization lacks the backing of a president or CEO of an organization.

  • Education of ERM Concepts at the Collegiate and Corporate Levels

    October 02, 2012

    Laurie Brooks, retired Chief Risk Officer at Public Services Enterprises Group and current board of director at Provident Financial Services, shares her views about the long-term viability of ERM and how ERM is an expected core competency skill of executives. She argues that should simply be seen as a good management practice and looking at risks from an enterprise-wide view should be seen as the normal thing to do, not a specialized thing to do. She also tells about how to tell the maturity of ERM at a company by how risks are assigned and overseen.

  • Getting Started with ERM

    October 02, 2012

    Often times executives brush off any ERM initiative by stating they have smart people on the board or on management teams. David Hughes, Assistant VP of ERM and Business Continuity Planning at Hospital Corporation of America (HCA) explains how boards and senior executive may miss the identification of certain strategic risks because they are not “on the ground” interacting with customers and business operations. He emphasizes the importance of obtaining input about risk exposures from multiple levels of management to ensure the identification of the entity’s most significant strategic risks. He also speaks about how important it is for CEOs to embrace an ERM process and see the value in taking time to look at risk through a strategic lens.

  • Applying “Big Data” to Risk Management

    October 01, 2012

    “Big data” is quickly building a following as a useful tool for helping managers make decisions. But what exactly is big data, and is its use actually beneficial to a business? This article from Harvard Business Review answers these two questions and more. The authors explain why digital data is perhaps more useful than ever before, and also provide real-life examples of companies using big data to make better decisions. The article also discusses five ingredients that are critical to using big data successfully in any company. Ultimately, big data could provide managers with insights into the risks facing their organizations.

  • Managing Risks of Innovation

    October 01, 2012

    Managers attempting to streamline a global innovation project generally do so while haphazardly managing risk. The reason for rushing projects is either lack of available employees, desires for a faster time to market, or using methods that worked at single location innovation projects. When management fails to spend the time necessary to build global innovation capabilities it could be more costly and more risky to make changes in the future when the change is out of necessity. A recent Harvard Business Review article offers ten guidelines to ascertain that a global innovation project has been organized and managed correctly to ensure its effectiveness.

  • Four Steps to Better Statistical Performance Measures

    October 01, 2012

    Managers hinder their performance insight by focusing on sexy performance metrics that may be persistent but not predictive, and vice versa. These popular key performance indicators (e.g., EPS growth) are loosely connected with long term value creation, based on empirical research. By using the author’s method for determining a measure that is both persistent and predictive, the company will enhance both past and future performance insight and management may be in a better position to identify risk areas that are more closely connected with strategic objectives such as shareholder value.

  • Managing Risks of the Mobile Enterprise

    October 01, 2012

    Mobile devices are becoming more and more integral in the workplace today, as they are used for field work, file-sharing, and business processes. With the widespread use of mobiles, and the delicate intertwined relationship of such devices with both personal and professional lives, substantial number of risks arise that need to be managed properly in order to reap the benefits of these devices. To help organizations think about risks associated with the use of mobile devices, the Security for Business Innovation Council (SBIC) has issued an in-depth analysis of consumer mobile devices in the enterprise along with various risks that arise with the evolving technology. Furthermore, the report also provides various recommendations to manage such risks effectively over time. The following provides a summary of the report.

  • Confronting Risk Culture at the Board Level

    October 01, 2012

    Tackling risk culture head-on – that is, the collective way in which personnel within an organization think about, communicate about, and behave in relation to risk – may be one of the most overlooked critical elements of an organization’s risk management processes. A recent thought paper by the Institute of Risk Management (IRM) tackles the topic of risk culture, arguing that a healthy risk culture is critical to successful risk management because it forms the foundation upon which all risk management practices are built. The thought paper highlights several approaches and tools for boards to use in fulfilling this important function in governing risk management, given that boards are ultimately responsible for understanding and guiding an organization’s risk culture.

  • Managing Supply Chain Risks for Conflict Minerals

    September 15, 2012

    The Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 places new regulations on companies reporting to the SEC. In particular, Section 1502 of the Dodd-Frank Act concerns the use of conflict minerals in manufacturing supply chains. SEC issuers must now perform due-diligence on their supply chains in order to determine and disclose whether or not their manufactured products contain conflict minerals. This KPMG report is the first publication in a four-part series on Section 1502 of the Dodd-Frank Act. In the report, KPMG discusses how companies can begin to build a framework for compliance and risk management with regard to conflict minerals and the supply chain in general. KPMG believes that companies will reap significant future benefits by gaining a better understanding of supply chain risks now.

  • Minimizing Risks through Creative Strategy Setting

    September 01, 2012

    Strategic planners often go through a rigorous process of extensive analysis of past performance and forecasts to come up with a robust strategic plan. They attempt to check their biases, preconceived notions, and judgments during this process. However, the reality of the outcome of its execution of strategy provides little comfort on the efficiency of the strategic planning process and in identifying the risks associated with that strategy. This article from the Harvard Business Review recommends a “truly scientific” approach to strategic planning by providing seven key steps for leaders to consider while designing strategies so that they may be in a better position to address risks proactively as the strategy is built rather than after the strategy’s execution. In this way, organizations are better positioned to identify risks before they emerge, thereby enhancing the likelihood of strategic success through more effective risk oversight.

  • The Importance of Board Support for Enterprise Risk Management: Part 3

    August 03, 2012

    A critical element for the success of any ERM effort is the involvement and "buy-in" of the board of directors. Michael Somich, Executive Director of Internal Audit at Duke University, discusses the involvement of the board at Duke and how they have bought into the ERM process and how they see the value it brings to the table when discussing risks on a macro-level.

  • Beasley Moderates Discussion Between Senator Sarbanes and Representative Oxley

    July 30, 2012

    Mark Beasley, Deloitte Professor of ERM at NC State, moderated a live discussion between former Senator Paul Sarbanes and Representative Mike Oxley on July 30, 2012, which marked the 10th anniversary to the day of the signing by President Bush of the Sarbanes-Oxley Act of 2002. Senator Sarbanes and Representative Oxley provided insights about the legislation and their assessments of the effectiveness of the Act, and they shared thoughts about visions for the future.

  • Mature Risk Management Drives Financial Performance

    July 27, 2012

    In a recent survey, Ernst & Young assessed the maturity level of risk management practices and found a positive relationship between risk management maturity and financial performance. It was revealed that specific risk practices were consistently present in the top performers (i.e., top 20% based on risk maturity), but were not present in the bottom 20%. The survey report organizes these practices into specific risk components the firm believes are critical to transforming risk management and driving better business performance.

  • The Importance of Board Support for Enterprise Risk Management: Part 2

    July 06, 2012

    A critical element for the success of any ERM effort is the involvement and "buy-in" of the board of directors. Michael Somich, Executive Director of Internal Audit at Duke University, discusses the involvement of the board at Duke and how they have bought into the ERM process and how they see the value it brings to the table when discussing risks on a macro-level.

  • Increasing Percentages of Organizations are Embracing Enterprise Risk Management

    July 01, 2012

  • The Importance of Board Support for Enterprise Risk Management: Part 1

    June 04, 2012

    A critical element for the success of any ERM effort is the involvement and "buy-in" of the board of directors. Michael Somich, Executive Director of Internal Audit at Duke University, discusses the involvement of the board at Duke and how they have bought into the ERM process and how they see the value it brings to the table when discussing risks on a macro-level.

  • Risk Appetite: A Conversation of Governance

    June 01, 2012

    Managers often view risk appetite as a highly theoretical concept: one that is determined instead of discussed, irrelevant instead of practical, or static instead of adaptive. This paradigm is due to the notion that risk appetite reflects a short term risk philosophy of the company, and the frequency of which risk appetite is viewed as being congruent with risk tolerance. The authors of this Protiviti white paper discuss the importance of developing and maintaining a risk appetite statement as well as using it to spur conversation between management and the board of directors in the governance process.

  • Super Bowl Embraced ERM

    June 01, 2012

    Imagine being responsible for managing risks related to the NFL Super Bowl. With the millions of viewers drawn to this event each year, one shudders to think about an event occurring that shuts down the game or postpones it for a period of time. For the 2012 game, the Host Committee decided to embrace enterprise risk management (ERM) principles to help coordinate all the silos of responsibilities being assumed by the staff and the thousands of volunteers involved. A number of lessons can be drawn from this experience.

  • Executives Take on Enterprise Risk Management Post- Recent Crisis

    June 01, 2012

    In spring of 2012, a survey of 192 U.S. executives from various industries was conducted by Forbes Insights in association with Deloitte that revealed findings vital to the business world that put enterprise risk management (ERM) in perspective. The overriding theme is that most executives (over 90%) are planning to re-organize and reprioritize their approaches to risk management. And, they sense that many of the risks recently experienced will only increase in volatility. Many of the respondents are turning to ERM with an even greater commitment to find better ways to continuously monitor key risks. This Deloitte thought paper highlights several considerations executives will want to have as they seek to strengthen their organization’s enterprise-wide risk management to ensure it is providing strategic value as the world becomes more complex.

  • Preparing for a Corporate Crisis Before Significant Risks Materialize

    June 01, 2012

    A recent article from Practical Law The Journal offers boards guidance on preparing and responding to a corporate crisis. A lack of proper planning can make both managing crisis situations more difficult and possibly lead to more damage. The article discusses five steps the board and management can adopt to better prepare for a crisis once a significant risk materializes. A strong board culture is also highlighted as an important factor in responding to a crisis. Strategies are offered for promoting an effective board culture.

  • Categorizing Risks for More Effective Risk Management

    June 01, 2012

    Organizations often employ a rules-based model to manage risk; however history suggests that such an approach may not be an effective way to manage all types of risk. This Harvard Business Review article provides a framework for thinking about risk management that is centered on breaking an organization’s risks into three categories. The authors demonstrate, through real-world examples, how each category of risk is best managed through certain types of risk management mechanisms. Each of these mechanisms plays a role in strengthening the organization’s overall risk management function.

  • Sustainability:  Considerations that Can’t be Ignored from a Strategic Perspective

    May 17, 2012

    The topic of sustainability means a host of things to people. Many view it from a “going green” or “social responsibility” perspective. While there is value in considering sustainability related to those types of initiatives, boards and C-suites are finding greater strategic benefit in positioning their considerations of sustainability from a risk and opportunities perspective. They are trying to view sustainability from a lens that forces them to think how sustainability issues might affect the long-term viability of the entity’s business model. That is, they are seeking to integrate their sustainability thinking with their strategic planning and execution efforts. A recent MIT Sloan Management Review Research Report highlights emerging trends of how sustainability considerations are reaching a tipping point.

  • Allegations of Risk Management Overrides Swirl at JPMorgan Chase

    May 15, 2012

    The turmoil surrounding recent announcements of over $2 billion in trading losses at JPMorgan Chase is now shining a spotlight on risk management failures at the bank. A front-page story in The New York Times (May 15, 2012) reveals that in the years leading up to the bank’s trading loss, risk managers and some senior investment bankers raised concerns that the bank was making increasingly large investments in complex trades, but their concerns were ignored and dismissed. Some allege that the senior executives failed to respond to concerns from internal risk officers, who were largely side-lined. This unfolding story is highlighting the critical importance of the tone at the top regarding maintaining and enforcing an appropriate risk management culture and continues to support the call for direct lines of reporting from chief risk officers to independent members of the board of directors.

  • Managing Levels of Innovation Risk

    May 01, 2012

    The highly competitive landscape and the rapid pace of change means organizations must continually seek to innovate to survive and grow. For many, their rush to get new innovations to market overlooks critical risks that threaten the success of those initiatives. More organizations are seeing first-hand how difficult of a task it is to mitigate innovation risk. A recent Harvard Business Review (HBR) article highlights how organizations can, through the balance of diversifying and appropriately focusing efforts within their innovation portfolios, achieve higher returns over their long-term innovation investments. The authors of this article discuss issues dealing with managing innovation and ways to initially guide management.

  • Lack of Senior Manager Support Impairs Risk Management

    May 01, 2012

    Here’s a new twist to “risk management”: one of the most damaging risks an organization may face is “management” itself. A recent article in Disaster Recovery Journal highlights the realities of how management’s attitude and embrace of risk management approaches can undermine the organization’s effectiveness at managing key risk events. Although many executives understand that risk management benefits everyone, not all share this view. The article outlines three categories of management that have a negative effect on an enterprise’s risk management strategies: management that ignores reasoned words, management that works against others’ efforts and management that is nonexistent in the execution of a plan.

  • How to Manage Risks Associated with Organic Growth Strategies

    May 01, 2012

    A sound approach to organic growth enables an organization to sustain itself through the toughest circumstances in the business environment. The authors of this Harvard Business Review article believe that organic growth strategy is most effectively driven by top-level executives; however, the authors also demonstrate that executive leaders commonly neglect their important role in organic growth, exposing their organizations to several areas of risk. This article discusses four specific risk areas created by a lack of executive leadership over organic growth efforts. The article then provides corresponding rules that executives can follow to overcome these risks and drive organic growth within their organizations.

  • S&P’s Preliminary Changes for Scoring Management and Governance for Credit Rating Purposes

    May 01, 2012

    Part of the ratings process that Standard & Poor’s (S&P) undertakes to determine the creditworthiness of a company includes examining the management and governance functions of the organization. Often times an otherwise financially stable organization can be taken down from within because leadership is lacking within its own four walls. S&P is revamping its process to examine these aspects of a company, and has published a paper looking for public comment on their proposed process, which includes looking at the strategic positioning, risk management/financial management, organizational effectiveness, and governance. Specific sub-factors within each of those categories are examined to determine a score of strong, satisfactory, fair, or weak.

  • Risks Associated with Product Development

    May 01, 2012

    With over 50 years of experience in advising companies on product development efforts, the authors of this Harvard Business Review article present six flawed assumptions that bring rise to risks associated with product development. Product development managers often follow conventional assumptions to execute their projects effectively and efficiently based on the belief that these lead to the most productive approach. But often, risks associated with product development rise due to fallacies in these assumptions causing major delays, glacial progress, and costly failures.

  • Leading a Risk Team

    April 01, 2012

    Despite the attempts by many organizations to strengthen their risk oversight efforts, many organizations’ approach to strengthen their corporate risk management are still missing the mark. Unfortunately, many attack the challenge by focusing on pockets of risks, such as insurance, compliance, and fraud prevention, and they fail to focus on those risks most likely to impact the value of the business – strategic risks. Furthermore, some organizations have over-complicated their risk oversight processes by focusing on a form-over-substance approach to what they are trying to achieve. A recent article in CFO.com highlights ways to increase the relevance of a risk management program.

  • Competitive Intelligence: Managing Industry Dissonance Risk and Enhancing Foresight Capabilities

    March 01, 2012

    As the hyper-competitive nature of the business environment continues to persist, companies find themselves experiencing more and more strategic surprises generated across the competitive landscape. A recent Protiviti thought paper argues for the need to strengthen an organization’s competitive (versus competitor) intelligence to enhance management’s ability to identify and assess risks associated with the competitive landscape. Competitive intelligence, contains multiple elements and considers any factor that may hinder or enhance the progression of a company’s ability to compete. The paper suggests that organizations can no longer monitor, assess, communicate, and act upon competitor intelligence alone. Alternatively, managers should consider all external factors that have the potential to impact their ability to compete.

  • Responding to Shifting Global Risk Trends

    March 01, 2012

    The experiences associated with natural disasters and political events that occurred in 2011 are have implications for the kinds of risks organizations may need to consider in the near future. Lessons learned from prior events help challenge boards and senior executives as they think about the need to restructure their approach to risk management and their design of responses to these types of risks, according to a recent report by PricewaterhouseCoopers (PwC), Risk in Review: Rethinking risk management for new market realities. This report is based on the results of PwC’s 15th annual Global CEO Survey, in which more than 1,000 executives and risk management leaders responded on which risks are most significant to their company and how they plan to mitigate those risks.

  • Learning from Duke University’s Enterprise Risk Management Process

    March 01, 2012

    A place where ERM hasn’t been embraced as quickly in the corporate world is academia. However, that may be changing as major universities such as Duke and the University of Washington have begun to develop robust ERM processes. Though the functions of universities range from education to athletics and vary from school to school, the lessons learned by Duke, can not only be applied to academia, but also to other organizations looking to implement ERM in their business.

  • Understanding and Communicating Risk Appetite

    February 01, 2012

    Risk appetite, as defined by COSO, is the “amount of risk, on a broad level, an organization is willing to accept in pursuit of value.” While the overall concept of risk appetite makes sense, organizational leaders find it difficult to find practical ways to articulate the organization’s appetite for risk-taking. As a result, risk appetite is often not discussed in many organizations. However, many are realizing that as their ERM processes mature, they need to tackling articulating risk appetite. Developing and articulating risk appetite needs to be engrained into the culture of an organization.COSO has developed this thought paper on Risk Appetite to provide practical illustrations of effective ways boards and senior executives can identify and communicate its appetite for risk taking across the enterprise.

  • Twelve Areas of Risk a Board Should Consider

    February 01, 2012

    In today’s dynamic business environment, the only constant for an organization is that it will be forced to change on a regular basis. A recent thought paper by Deloitte examines some of the top challenges facing companies and their boards in the ever-changing environment in which their organizations operate. The document highlights twelve key considerations boards should evaluate and provides food-for-thought in how they can help management navigate the uncertainty ahead.

  • Is it Necessary to Have a Separate Risk Committee?

    February 01, 2012

    A hot topic in risk management discussions within organizations is the debate about whether a separate risk committee is necessary for a company to have effective enterprise risk management processes. The authors of this Conference Board article believe“It depends.” The risk management process is a very individualized process. Organizations need to take a long look in the mirror to ensure that a separate risk committee would not create more unnecessary bureaucracy. By learning the business and its strategies more intimately, the organization can determine the risk environment of the firm at a higher level, which in turn will give insights into the necessity/requirement of having a separate risk committee.

  • The LEGO Group’s Four Elements of Risk Management

    February 01, 2012

    Integrating risk management with strategy development and execution is one way that organizations can manage their strategic risks in a volatile business environment. One company that has done so is the LEGO Group- a family-owned company that is the third-largest toy manufacturer in the world in terms of sales. To better prepare itself in mitigating strategic risks, the company developed its strategic risk management through four elements: (1) Enterprise Risk Management, (2) Monte Carlo Simulations, (3) Active Risk and Opportunity Planning (AROP), and (4) Preparing for Uncertainty. This four-step approach was started in 2006 and led by Hans Læssøe, senior director of strategic risk management at LEGO System A/S. LEGO’s strategic risk management is a good illustration of how organizations can develop their risk management capabilities and processes in incremental steps. This article describes the four elements of LEGO’s risk management, as well as the PAPA model used to prioritize risks.

  • How the NC State ERM Initiative Views ERM vs. Traditional Risk Management

    January 10, 2012

    If a business has its doors open, then it is managing risk in some way. However, that does not mean the organization has an enterprise-wide, holistic, and strategic approach to risk management. Unfortunately, for many organizations, risk management is done through a silo or stove-pipe approach where certain types of risks are managed in silos with little consideration of how risks might interact or impact other areas (silos) of the business. Dr. Mark Beasley, Deloitte Professor of ERM and Director of NC State’s ERM Initiative, describes the vision of the Enterprise Risk Management Initiative at NC State University, explains how enterprise risk management leverages work done in a silo or stove pipe approach to bring together risks from all across an enterprise so that boards and senior management have a better view of potential emerging risks most likely to impact the strategy of the organization.

  • How ERM May Impact Credit Ratings

    January 10, 2012

    Standard & Poors started looking at ERM in banking and insurance companies in the mid 2000s. Steve Dreyer, Managing Director and Practice Leader at Standard & Poors, provides insights at points of focus S&P considers as it evaluates an organization approach to ERM and how their assessments might impact the organization’s overall credit rating. He highlights factors related to the kind of environment that fosters a strong ERM process and its overall fit within the organization’s culture. He also speaks to obvious failures in a risk management process, and how ERM has to be done correctly to be effective within an organization.

  • Compiling and Presenting Interview Data from Risk Interviews

    January 10, 2012

    After conducting 80-90 interviews seeking the identification of major risk exposures facing the company, David Hughes, Assistant VP of ERM and Business Continuity Planning at Hospital Corporation of America (HCA) has a massive amount of data to compile and disseminate. During our interview of David, he speaks about how HCA breaks down the top ten risks by the type of risk and by level of management who identifies a risk to be a major risk. Hughes also tells how HCA informs its board members about what the top risks that the corporation faces as a whole.

  • Risk Management in Deloitte’s 2011 Board Practices Report

    January 01, 2012

    Deloitte’s 2011 Board Practices Report provides current information on topics of corporate governance. The report is based on the results of a survey distributed to the members of the Society of Corporate Secretaries and Governance Professionals, Inc. This summary highlights the findings related to strategy and risk management. Questions relating to strategy included the level of board involvement and how strategy is developed. The risk management discussion focused on risk oversight as well as how well it aligns with the company’s strategy.

  • Managing Reputational Risk

    January 01, 2012

    Negative events that damage an entity’s reputation can be extremely difficult and costly to overcome. Generally, once an organization’s reputation is scarred, it remains that way for life.Deloitte issued a thought paper to help organizational leaders think about and manage risks that might impact the entity’s reputation. While challenging to manage, there are steps organizations can take to keep their pulse on events that might trigger a negative reputational image.

  • Special Report: Risk Lessons from the 2011 Japan Earthquake Disaster

    January 01, 2012

    In the Global Risks 2012 report, the World Economic Forum features a special report on the Great East Japan Earthquake of March 2011. The special report highlights some lessons learned from the crisis that can be applied by governments and businesses. Some of the lessons include the necessity of redundancies for risk resilience, the value of adaptive leadership, and the importance of timely communication during a risk event.

  • Risk Committees

    January 01, 2012

    While most often the board of directors delegates risk oversight to the audit committee, increasingly boards of creating separate board level risk committees charged with that responsibility. This is particularly true for financial services firms, given requirements imposed by the Dodd-Frank legislation for larger banks to form separate risk committees. In an effort to assist companies who are considering the establishment of a board risk committee, Deloitte has organized a resource guide of ideas, recommendations, and specific tools. This resource will help assist those entities that will need to be in compliance with the Federal Reserve’s requirements developed to implement the provisions of Dodd-Frank. Although the guide is helpful for companies that must comply with the new Dodd-Frank regulations, it can be useful for any company that wishes to obtain more information on risk governance and oversight.

  • The World Economic Forum’s Global Risks 2012 Report

    January 01, 2012

    The World Economic Forum’s seventh edition of the Global Risks 2012 report details the survey results of 469 global experts from different sectors. The experts ranked the likelihood and impact of 50 global risks that are major concerns of governments, businesses, and other groups. The risks are divided into five categories namely economic, environmental, societal, geopolitical, and technological risks. The report surveys global experts and aims to provide the survey results to assist political, business and other world leaders to be aware of the current global risks that need to be managed timely and effectively.

  • IT Projects – Black Swans Aren’t so Rare

    December 01, 2011

    IT projects can bring about significant, positive change for a company. However, many times just the opposite happens, as 16% of IT projects are affected by “black swan” risk events of going over budget by 200% or going over schedule by 70%. Failed projects also have led to the downfall of many companies such as Kmart, Auto Windscreens, and Toll Collect. This Harvard Business Review article reviews the similarities between successful and unsuccessful IT projects.