ERM Frameworks and Fundamentals Articles

  • S&P Releases Scores for Management and Governance Evaluations

    May 13, 2013

  • Making the Connection Between Strategy-setting and Risk

    December 21, 2012

    Organizations invest a great deal of effort in developing and executing their business strategies. Even so, winning business models are all-too-often subject to catastrophic failures in the blink of an eye. Didn’t these companies see trouble coming? The answer: probably not, but only because executive managers did not think hard enough about risk during the strategy-setting process. This white paper from Protiviti Inc. explores the concept of strategic risk and provides an approach for incorporating risk assessment into the process of strategy-setting. By combining these processes, managers will be better equipped to make decisions for their organizations now and in the unknown future.

  • S&P’s Management and Governance Rating Criteria - 2012

    November 13, 2012

    NEW YORK (Standard & Poor's) Nov. 13, 2012--Standard & Poor's Ratings Services today published its criteria for evaluating enterprises' management and governance credit factors in an article titled "Methodology: Management And Governance Credit Factors For Corporate Entities And Insurers." (See also "How We Use Management And Governance Credit Factors," published today.)

  • The Future of ERM

    October 02, 2012

    Steve Dryer, Managing Director and Practice Leader at Standard & Poors, speaks to whether he thinks Enterprise Risk Management is just another consultant’s fad or if it will be an enduring process and way of thinking. He states that he believes though the name may eventually fade away, the underlying concepts that make up ERM will survive through the test of time. Mr. Dryer expects that ERM will slowly evolve with best-practices surviving the test of time. He also expects S&P to catch some heat for evaluating such a “soft” part of a company as opposed to its traditional “hard numbers” based approach to examining companies. However, he states this is an important part of their evaluations.

  • Risk Appetite: A Conversation of Governance

    June 01, 2012

    Managers often view risk appetite as a highly theoretical concept: one that is determined instead of discussed, irrelevant instead of practical, or static instead of adaptive. This paradigm is due to the notion that risk appetite reflects a short term risk philosophy of the company, and the frequency of which risk appetite is viewed as being congruent with risk tolerance. The authors of this Protiviti white paper discuss the importance of developing and maintaining a risk appetite statement as well as using it to spur conversation between management and the board of directors in the governance process.

  • Categorizing Risks for More Effective Risk Management

    June 01, 2012

    Organizations often employ a rules-based model to manage risk; however history suggests that such an approach may not be an effective way to manage all types of risk. This Harvard Business Review article provides a framework for thinking about risk management that is centered on breaking an organization’s risks into three categories. The authors demonstrate, through real-world examples, how each category of risk is best managed through certain types of risk management mechanisms. Each of these mechanisms plays a role in strengthening the organization’s overall risk management function.

  • Managing Levels of Innovation Risk

    May 01, 2012

    The highly competitive landscape and the rapid pace of change means organizations must continually seek to innovate to survive and grow. For many, their rush to get new innovations to market overlooks critical risks that threaten the success of those initiatives. More organizations are seeing first-hand how difficult of a task it is to mitigate innovation risk. A recent Harvard Business Review (HBR) article highlights how organizations can, through the balance of diversifying and appropriately focusing efforts within their innovation portfolios, achieve higher returns over their long-term innovation investments. The authors of this article discuss issues dealing with managing innovation and ways to initially guide management.

  • Learning from Duke University’s Enterprise Risk Management Process

    March 01, 2012

    A place where ERM hasn’t been embraced as quickly in the corporate world is academia. However, that may be changing as major universities such as Duke and the University of Washington have begun to develop robust ERM processes. Though the functions of universities range from education to athletics and vary from school to school, the lessons learned by Duke, can not only be applied to academia, but also to other organizations looking to implement ERM in their business.

  • Understanding and Communicating Risk Appetite

    February 01, 2012

    Risk appetite, as defined by COSO, is the “amount of risk, on a broad level, an organization is willing to accept in pursuit of value.” While the overall concept of risk appetite makes sense, organizational leaders find it difficult to find practical ways to articulate the organization’s appetite for risk-taking. As a result, risk appetite is often not discussed in many organizations. However, many are realizing that as their ERM processes mature, they need to tackling articulating risk appetite. Developing and articulating risk appetite needs to be engrained into the culture of an organization.COSO has developed this thought paper on Risk Appetite to provide practical illustrations of effective ways boards and senior executives can identify and communicate its appetite for risk taking across the enterprise.

  • How the NC State ERM Initiative Views ERM vs. Traditional Risk Management

    January 10, 2012

    If a business has its doors open, then it is managing risk in some way. However, that does not mean the organization has an enterprise-wide, holistic, and strategic approach to risk management. Unfortunately, for many organizations, risk management is done through a silo or stove-pipe approach where certain types of risks are managed in silos with little consideration of how risks might interact or impact other areas (silos) of the business. Dr. Mark Beasley, Deloitte Professor of ERM and Director of NC State’s ERM Initiative, describes the vision of the Enterprise Risk Management Initiative at NC State University, explains how enterprise risk management leverages work done in a silo or stove pipe approach to bring together risks from all across an enterprise so that boards and senior management have a better view of potential emerging risks most likely to impact the strategy of the organization.

  • How ERM May Impact Credit Ratings

    January 10, 2012

    Standard & Poors started looking at ERM in banking and insurance companies in the mid 2000s. Steve Dreyer, Managing Director and Practice Leader at Standard & Poors, provides insights at points of focus S&P considers as it evaluates an organization approach to ERM and how their assessments might impact the organization’s overall credit rating. He highlights factors related to the kind of environment that fosters a strong ERM process and its overall fit within the organization’s culture. He also speaks to obvious failures in a risk management process, and how ERM has to be done correctly to be effective within an organization.

  • Risk Management in Deloitte’s 2011 Board Practices Report

    January 01, 2012

    Deloitte’s 2011 Board Practices Report provides current information on topics of corporate governance. The report is based on the results of a survey distributed to the members of the Society of Corporate Secretaries and Governance Professionals, Inc. This summary highlights the findings related to strategy and risk management. Questions relating to strategy included the level of board involvement and how strategy is developed. The risk management discussion focused on risk oversight as well as how well it aligns with the company’s strategy.

  • Enterprise Risk Management and the Banking Crisis:  Lessons Being Learned

    November 02, 2011

    Many critics of ERM point to the banking crisis of 2008 and 2009 as an example that ERM does not work. Steve Dreyer, Managing Director and Practice Leader at Standard & Poors, explains how banks either weren’t practicing ERM correctly or didn’t have strong metrics in measuring their risk assessment. He speaks to how he believes banks were simply doing risk management in name only and they didn’t look at risks beyond a typical scope.

  • Proactively Managing External Relationship Risk

    November 01, 2011

    The focus on managing third-party risk is becoming prevalent in the current business environment as more organizations turn to external providers to gain access to needed services, reduce costs, or achieve other strategic advantages. While most executives recognize the importance of thinking through risks associated with delegating key tasks to external parties, several studies suggest the extent of vendor risk assessments is lacking and they fail to be adequately resilient in holding vendors to certain risk management standards. A recent thought paper by Crowe Horwath presents a process for managing third-party relationship risks by utilizing a risk landscape framework. They highlight three steps to implement a successful third party risk management program.

  • The ERM Process at Xerium Technologies Part 2

    November 01, 2011

    Bonnie Hancock speaks with Fred Caloggero, VP of Audit Services at Xerium Technology, about the ERM process that he helps lead at the company. Many companies look at risk on a two scale plane, considering likelihood and impact; however, Xerium adds in the aspect of velocity – the speed of which a risk can be onset at a company. By looking at things like Key Performance Indicators and Key Risk Indicators, a company can be more aware of the velocities of various risks.

  • Risk Oversight Improving: 2011 Proxy Disclosures

    August 30, 2011

    After conducting a second analysis of risk-related proxy disclosures of S&P 200 companies, Deloitte found that overall risk practices improved between 2010 and 2011. There were percentage increases in 11 out of the 12 considerations used in the research. In 2011, more companies disclosed that their risk oversight/management processes were aligned with the corporate strategy. In addition, more companies disclosed that other board committees, than solely the audit committee, are involved in risk oversight.

  • Avoiding Confirmation Bias in Decision Making

    August 01, 2011

    Executives today are becoming even more aware of the biases within their own mind that can prevent them from making the correct decisions. One of these major biases is confirmation bias, which is the phenomenon in which people throw away any evidence as irrelevant if it contradicts their initial notion of the situation. Increased awareness of the decision making process can help executives better evaluate situations when coming to a major decision. Confirmation bias is likely to be present in any risk identification and risk assessment task as new information comes to light that might contradict our preconceived notions about a risk event. This thought paper explores twelve questions to think through before jumping into the deep end and making a major decision with an unfounded assumption as its base.

  • A Comprehensive Guide to Risk Appetite and Risk Tolerance

    May 01, 2011

    With the scarcity of useful guidance to help organizations determine risk appetite and risk tolerance, the Institute of Risk Management (IRM) is seeking to clarify and produce guidance to more effectively communicate an understanding of risk appetite. As a result, IRM released a consultation paper with detailed approaches for developing and using risk appetite and risk tolerance in risk management. In addition to the guidance provided, questions are listed throughout the document with the suggestion that they be asked in the boardroom to ensure that risk appetite and risk tolerance are being adequately addressed.

  • Increasing Risk Awareness for Mission Critical Objectives of Not-for-Profit Organizations

    April 26, 2011

    Even though risk management is in the spotlight among for-profit organizations, effective risk oversight is needed for not-for-profit organizations, too. A whitepaper published by the AICPA highlights the relevance of risk oversight and importance of developing an enterprise view of risks in not-for-profit organizations.

  • Homeland Security Risk Management Fundamentals

    April 01, 2011

    The Department of Homeland Security (DHS) plays a critical role in leading a unified effort in the management of the diverse and complex set of risks facing the United States. To strengthen capabilities in fulfilling its mission, DHS has created a Risk Management Fundamentals to provide a structured approach for the distribution and use of risk information and analysis efforts across the Department. The publication lists key principles, discusses approaches, and explains the process of effective risk management intended for DHS organizations and personnel to adopt.

  • Implementing Effective Enterprise Risk Management and Compliance

    March 01, 2011

    The costs and processes of implementing an effective enterprise risk management approach can seem intimidating to an organization. This research paper by the Economist Intelligence Unit highlights four stages of the maturity cycle of ERM adoption. The paper suggests steps to consider when transitioning to a mature ERM implementation. Throughout the document, a range of experts emphasize the value of integrating ERM into business processes and some essential steps necessary for effective ERM adoption.

  • Board Risk Oversight – A Progress Report

    December 21, 2010

    COSO, in partnership with Protiviti, surveyed over 200 individuals currently serving on corporate boards of directors about the current state of enterprise risk management. Board members were divided on the effectiveness and maturity of their processes and efforts, according to the survey. While 53 percent of participants rated the risk oversight process in their organizations as “effective” or “highly effective,” more than 70 percent indicated that their boards are not formally executing mature and robust risk oversight processes. This report summarizes insights based on the results of this survey, including Protiviti’s insights and recommendations for improvement.

  • Five Secrets to Achieve Effective Risk Management

    December 01, 2010

    A whitepaper published by Protiviti introduces five secrets to help organizations build risk management as an effective and strategic contributor to the success of their business. With the deployment of all five secrets, chief risk officers will be able to advise management when to act or pass on potential great opportunities based on the risks involved. Additionally, the organization’s culture will be aligned with the performance and risk management methodology if all five secrets are applied.

  • Avoid Being Blindsided by Risks: Focus on Key Assumptions

    December 01, 2010

    Strategic risks and opportunities are constantly changing in the business environment, especially in the current volatile economic climate. The roller coaster of uncertainty often results in organizational leaders being blindsided by unexpected emerging risks that they did not consider in strategic planning. Sometimes that surprise is a result of management’s incomplete understanding of key assumptions underlying their strategic risks and opportunities. This Deloitte thought paper discusses some common reasons for this blind spot and presents a risk intelligent strategy to address this issue.

  • A Four-Step Risk Approach to Strategy Execution

    December 01, 2010

    Organizations are seeing the value of adopting a risk-based approach to execute strategies in order to survive in a post-recession world. This approach enables managers to focus on opportunities in strategic plans, as well as minimizing the potential impact of threats. A recent article in the Journal of Business Strategy outlines four steps to execute a strategy using a risk-based approach.

  • Data Risk Management – Applying a Holistic Approach

    September 30, 2010

    Due to the increasing costs associated with protecting and maintaining data, a holistic approach to data risk management is becoming essential to organizations. A whitepaper published by IBM discusses the framework and practices involved in using a holistic approach for implementing data risk management programs across organizations.

  • Incorporating Risk Management into Corporate Governance

    September 23, 2010

    In response to significant changes in corporate governance due to the events in the financial markets in the first decade of the 21st century, the New York Stock Exchange (NYSE) created the Commission on Corporate Governance to conduct a comprehensive review of corporate governance principles. The NYSE developed a white-paper that explores the commission’s research findings and recommendations for organizations. Several aspects relate to effective risk management.

  • Managing Uncertainty: Ten Considerations

    July 01, 2010

    The downfall of companies during the recent economic crisis seemed endless and unbiased. When the business world went in search of the reason, everyone kept coming back to the same topic: risk. Organizations weren’t properly understanding and managing risks leading to unforeseen catastrophes and missed opportunities. This article focuses on ten skills that are essential during uncertainty.

  • Reducing Risk Detection and Reaction Time

    July 01, 2010

    The recent credit crunch and economic downturns have caused businesses across the globe to face new, diverse risk-related challenges. Many companies are slow to detect and react to these risks that arise, which threatens their competitiveness and even their survival. This article explains how to shorten your company’s risk detection and reaction time through a company-wide risk “language.” This will enable your organization to be able to better protect and potentially create value and gain a competitive advantage for your organization.

  • Balancing Risk Appetite and Strategy Execution

    July 01, 2010

    Good risk management involves making informed and rational decisions considering the risks the company wants to take in pursuit of its objectives and regarding the measures used to mitigate and manage risks. This publication explores how companies can effectively define risk appetite, risk tolerance, and risk targets to execute strategies and perform effective risk management to gain a competitive advantage.

  • The People Side of Risk Intelligence

    June 01, 2010

    This recent whitepaper in the Deloitte Risk Intelligence Series explores the intersection of talent and risk within organizations. It points out that concerns over talent management are actually imbedded in risk management issues and should be treated as such. A key characteristic of a Risk Intelligent Enterprise is that it has integrated talent management into overall risk management to understand the noticeable impact talent management can have on significant risks.

  • Adding Value, Not Bureaucracy: Linking Governance, Enterprise Risk Management and Internal Controls

    January 01, 2010

    Risk management has quickly become the most targeted area of improvement since the financial crisis for businesses to help prevent another crisis or lessen the impact if another one were to occur. With this intensified focus comes confusion about how ERM applies to corporate governance and internal controls. This article by Bonnie Hancock briefly explores these relationships and how they should be understood within an organization.

  • A Balance Between Bureaucracy and Personalization

    December 01, 2009

    The recent economic downturn led to the failure of many risk management systems across companies. Organizations found that the traditional silo-based approach to risk management did not effectively identify emerging risks in a timely manner. However, Bristol-Myers Squibb and The Home Depot provide two examples of companies who were prepared as the result of simple, but highly effective risk management systems that are able to find a balance between bureaucracy and personalization.

  • Enterprise Risk Management: Meeting Today’s Challenges

    December 01, 2009

    Changes in technology, globalization, and the nature of business transactions create challenges for organizations to assess and manage risks that may affect the accomplishment of business objectives. In order to meet today’s challenges, organizations are beginning to employ structured enterprise-wide risk management approaches to balance risk and opportunity. An AICPA Audit Committee Brief emphasizes the importance of an enterprise-wide risk management approach and describes the steps to achieve effective ERM processes.

  • Strengthening Enterprise Risk Management for Strategic Advantage

    November 04, 2009

    COSO’s Strengthening Enterprise Risk Management for Strategic Advantage focuses on specific areas where the board of directors and management can work together to improve the board’s risk oversight responsibilities and ultimately enhance the entity’s strategic value. This thought paper expands on COSO’s Effective Enterprise Risk Oversight: The Role of the Board of Directors and provides further detail on the four specific areas discussed in that document.

  • Current State of Enterprise Risk Management

    September 01, 2009

    The recent economic crisis has forced many companies to evaluate their risk management process. The authors of this article conducted a survey to gain a better understanding of risk oversight. The survey results show that although most organizations indicated an increase in the volume and complexity of their risks, they have a fairly immature risk management process in place. The survey also revealed information about barriers to implementing a top-down risk management process and how executives can fuel this process within their organization.

  • Effective Enterprise Risk Oversight: The Role of the Board of Directors

    September 01, 2009

    COSO’s Effective Enterprise Risk Oversight: The Role of the Board of Directors is focused on aiding boards of directors in strengthening their enterprise risk oversight responsibilities. The current economic crisis has caused the role of the board of directors to become far more challenging than in the past. The thought paper highlights critical board responsibilities by using four specific areas in COSO’s Enterprise Risk Management – Integrated Framework that contribute to board oversight of enterprise risk management.

  • The Evolution of Internal Audit and ERM

    August 01, 2009

    Traditionally, internal audit has focused primarily on identifying policy violations and encouraging compliance with regulations. However, internal audit departments have recently turned their efforts towards an integrated approach to risk management. This evolution of internal audit came about as a result of both the changing nature of the market and industry regulations. The new outlook also involves a transition from a document-centric approach to a data-centric approach, allowing internal audit to take advantage of technology that can enhance enterprise risk management (ERM).

  • How Risk Management Is Changing in Response to the Economic Crisis

    July 01, 2009

    The economic crisis is changing the risk management landscape in various ways. The government bailouts enacted in response to the economic crisis will have many effects, with the greatest potential effect on risk appetites of organizations. The magnitude and frequency of bailouts could encourage increased risk appetites or there could be increased risk aversion in response to what is currently perceived as a high-risk environment. Another way in which the economic crisis is shaping risk management is that increased security risks and decreased security budgets are encouraging an enterprise risk perspective to better enable organizations to track, quantify, and analyze shifting thresholds of risk. This enhanced perspective can then be used to address concerns such as insider threats, information risk, and product protection.

  • Enterprise Governance, Risk and Compliance Platforms

    July 01, 2009

    As enterprise-wide risk management concerns have grown, so too has the market for enterprise governance, risk and compliance GRC platform vendors. This article not only describes the underlying technologies of these platforms, but provides the detailed results of Forrester Research Inc.’s product evaluation of fourteen GRC platform vendors.

  • Six Ways Companies Mismanage Risk

    March 01, 2009

    Effective risk management is difficult even in the best situations, and failure of risk management can cause large losses within an organization. There are six fundamental mistakes risk managers routinely make: relying on historical data, focusing on narrow measures, overlooking knowable risks, overlooking concealed risks, failing to communicate, and not managing in real time. Augmenting conventional risk modeling techniques with scenario analyses of catastrophic risks and strategies for surviving these risks can improve risk management effectiveness.

  • Ten Practical Lessons for Risk Management

    March 01, 2009

    Recent events have uncovered significant deficiencies in the way risks are managed at financial institutions and many other companies. Research into these deficiencies shows ten practical lessons companies can apply to address current weaknesses and strengthen risk management systems. By wielding appropriate authority, gaining support from senior management, and thoroughly examining the models and incentive systems used, risk managers can greatly improve companies’ risk management systems.

  • Risk Management Platforms

    February 01, 2009

    Taking risks is a vital part of business; however, managing risks effectively is becoming increasingly critical as well. The recent economic crisis is encouraging companies to take a deeper look at their risk management practices and implement a formalized framework to identify and respond to risks. This article examines why and how organizations should implement risk management, as well as barriers to implementation.

  • Optimism Thwarts Risk Identification

    January 31, 2009

    Many culprits have been identified as causes to the current financial crisis, from faulty risk models to basic human greed. Susan Webber takes a step back to examine the culture that underlies errors which led to the current climate. In this article, she examines how a “yes man” environment creates a dangerously optimistic decision-making process. Valuing good news and positive thinking over observing realistic restraints to business strategy can prove disastrous in the long run for a company.

  • Risk Mis-Management

    January 04, 2009

    The largest banks and investment firms in the United States took excessive risks over the past few years, contributing to the current financial crisis; however, there was little indication to many that these risks existed. This is partially due to widespread institutional reliance on Value at Risk (VaR) models to measure the amount of risk in company portfolios. VaR can measure the boundaries of risk in a portfolio over a short duration in a normal market, but it does have some limitations. VaR input includes only recent events and not data from historic times of stress, it does not measure the largest risks that have a small probability of occurrence, it has problems properly accounting for leverage, and its overall measure can be manipulated. Despite these shortcomings, VaR and other risk models can still be useful when they are not relied on alone but combined with human judgment.

  • ERM is Vital for Businesses and the Economy

    January 01, 2009

    With the recent financial crisis many wonder if risk management could have prevented or minimized the fall out. The answer is yes. However many companies fail to properly implement risk management and therefore they do not fully understand the risk they are undertaking. Failures occurred because companies don’t fully understand the proper steps for effective risk management. This report addresses where companies failed and the areas companies need to improve to prevent another financial crisis.

  • Financial Industry Assesses Role of Risk in Credit Crisis

    January 01, 2009

    This global survey conducted by KPMG in conjunction with the Economist Intelligence Unit in October 2008 summarizes responses from over 500 world-wide risk management senior officers in the banking industry about the role risk management played in the current economic crisis and how enterprise risk management would be used going forward. The report based on this survey highlight several themes permeating banking culture’s utilization of risk management that helped allow the current credit crisis. The report provides insights as to possible solutions, which many of the respondents are planning to or are currently taking.

  • Global Risk Management Survey

    January 01, 2009

    AON conducted a global risk management survey in October and November 2008 with risk managers and chief risk officers comprising two-thirds of respondents. Responses represent 551 organizations of various sizes and industries in over 40 countries. A similar survey was conducted two years ago and there is a comparison of the key and emerging risk issues highlighted. The top ten risks facing businesses, overall risk preparedness, and losses related to risks are addressed. Key business topics such as identifying, assessing, measuring, and managing risk; board oversight and involvement; and risk management departments and functions are discussed. One consistent theme through all the findings is that the worldwide economic downturn has had an enormous impact on how risk is approached and managed.

  • The Convergence of Enterprise Performance Management and Risk Management

    December 31, 2008

    Organizations can increase their probability of achieving strategic objectives by taking an integrated approach to deploying strategy and managing associated risks. The Performance/Risk Integration Management Model (PRIM2) provides a framework for organizations to consistently communicate and deploy strategies, proactively identify and manage inherent risks in the strategy, and ensure integration of strategic plans, risk management, and performance management in strategy execution. PRIM2 also provides real-time transparency into an organization’s operations, facilitating continuous alignment of strategy, risk management capabilities, and performance management. While the details of a PRIM2 infrastructure will vary across organizations, there are several core elements that should be incorporated in any PRIM2 framework. Implementation of a PRIM2 framework is intended to establish and maintain a balance between the enhancement and protection of an organization’s shareholder value.

  • Keeping ERM implementation Simple

    December 01, 2008

    ERM has gained increasing attention in the current economic environment. Investors, regulators and chief officers alike look to managing enterprise-wide risks as a magic bullet to rebuild trust and prevent future major events like the credit crisis. In this article, Neil Baker looks to companies who have been engaged in ERM for the past several years. These companies appreciate the benefits, but site obstacles to implementation.

  • Contrasting Old and New Models of Risk Management

    November 30, 2008

    This article details the growing importance of ERM and contrasts ERM with old models for risk management to illustrate how ERM, if positioned correctly, can add value to companies today. ERM today is all encompassing, takes a team, requires management to set the mindset and culture of the company, is not all about insurance, requires partners in strategy development, is not a once-a-year exercise, and viewed through a wide-angle lens.

  • Preparing For S&P Integration of ERM

    October 01, 2008

    Standard and Poor’s (S&P) is integrating an evaluation of enterprise risk management (ERM) into corporate credit ratings beginning in 2009. S&P has considered ERM when rating financial institutions and insurance companies previously and decided to expand the consideration of ERM to all rated companies. This incorporation of ERM into the credit rating process signals that S&P believes that companies with strong ERM capabilities are a better credit risk. This article highlights key aspects of ERM that S&P intends to consider when evaluating ERM preparedness at organizations they evaluate.

  • Standard & Poor’s Applies ERM Analysis to Ratings

    May 01, 2008

    Beginning in the third quarter of 2008, Standard and Poor’s will incorporate Enterprise Risk Management (ERM) into discussions at regularly scheduled credit review meetings. The discussions of ERM will focus on the organization’s risk management culture and strategic risk management. This abstract provides a brief overview of S&P’s ERM evaluation plans.

  • Risk Appetite:  A multifaceted approach to risk management

    April 01, 2008

    Articulating an organization’s risk appetite continues to be a difficult undertaking, with many organizations failing to connect their risk appetite to strategy and capital allocation. A recent IBM thought paper considers risk management from a financial perspective by focusing on the sustainability of profits and the risk-return balance that risk management activities must achieve to be successful. The discussion is based on a more complex concept of risk appetite that balances risk hunger against risk aversion to discover improvements that can be made to current risk management practices.

  • Overview of S&P Proposed ERM Evaluation

    February 04, 2008

    Standard & Poor's proposed expansion of ERM program evaluation to the nonfinancial sector has the potential to significantly affect the credit ratings process for firms in the seventeen industry sectors to be included in their revised analyses.

  • Assess the Risks – Key Strategies for Overseeing Derivatives

    December 31, 2007

    In recent years the use of derivatives by mutual funds has soared. Yet, there has been little guidance offered to boards on the oversight roles when it comes to derivatives. This article offers nine key points to help boards better understand and assess the risks regarding the use of derivatives. Although, this paper is focused on specific boards overseeing mutual funds, many of the points can be applied to any board or manager’s oversight of derivatives.

  • Enterprise Risk Management: The Full Picture

    December 01, 2007

    An Aon Global Risk Consulting survey conducted among 103 organizations in July 2007 aimed at supporting global organizations in developing enterprise risk management (ERM) strategies throughout various organizational cultures and utilizing sufficient resources to support ERM development and maturity. Key issues are addressed that challenge organizations ability to successfully implement an ERM function, all varying across corporate cultures and regions of the world.

  • Standard & Poor’s Releases a Request for Comment on ERM

    November 15, 2007

    On Thursday, Nov. 15, 2007, S&P issued a request for comment on their proposal to include an assessment of corporate enterprise risk management practices as a key component of their overall credit ratings analysis for nonfinancial companies. S&P proposes to include ERM analysis into their corporate credit rating process as the principal methodology to evaluate management and to determine the overall business profile--a key factor in the S&P credit rating. Four major analytic components will comprise the S&P ERM evaluation. These include analyses of risk management culture and governance, of risk controls, of emerging risk preparation, and of strategic risk management.

  • Looking to the Future with ERM

    June 05, 2007

    The article focuses on the increasing number of disasters we have faced in recent years and the use of enterprise risk management (ERM) to prepare businesses for such problems. Because of ERM’s holistic approach, every operation of a business is involved with managing risks together on a daily basis. This holistic crusade for risk management is the key to success and the means for businesses to thrive long into the future.

  • Risk Language

    June 01, 2007

    Internal Auditor recently published an article titled, The Language of Risk, which stresses the need for a clear risk language throughout all organizations. By using a common language, different levels of a business can communicate more effectively. Without a common risk language, lots of time can be wasted in clarifying risk issues that are miscommunicated