Articles: Business Case for ERM

  • Managing Disruptions by Bifurcation

    December 01, 2012

    Proactively managing risks gives managers viable strategies when opportunities or threats emerge. However, even the most proactive companies experience an event or events that require reactions from management. At times, this process involves reinventing the company’s business model while divesting or disowning what made it successful. The authors of a recent Harvard Business Review paper argue that companies can diversify risk and capitalize on disruptions by bifurcating their strategies: a market-adaptive model that repositions its legacy business while also developing a new growth model that is forward-looking. Even though the strategies are divergent, companies should manage them in such a way that they share resources to create synergies in what the authors call “capabilities exchange”.

  • The Future of ERM

    October 02, 2012

    Steve Dryer, Managing Director and Practice Leader at Standard & Poors, speaks to whether he thinks Enterprise Risk Management is just another consultant’s fad or if it will be an enduring process and way of thinking. He states that he believes though the name may eventually fade away, the underlying concepts that make up ERM will survive through the test of time. Mr. Dryer expects that ERM will slowly evolve with best-practices surviving the test of time. He also expects S&P to catch some heat for evaluating such a “soft” part of a company as opposed to its traditional “hard numbers” based approach to examining companies. However, he states this is an important part of their evaluations.

  • Education of ERM Concepts at the Collegiate and Corporate Levels

    October 02, 2012

    Laurie Brooks, retired Chief Risk Officer at Public Services Enterprises Group and current board of director at Provident Financial Services, shares her views about the long-term viability of ERM and how ERM is an expected core competency skill of executives. She argues that should simply be seen as a good management practice and looking at risks from an enterprise-wide view should be seen as the normal thing to do, not a specialized thing to do. She also tells about how to tell the maturity of ERM at a company by how risks are assigned and overseen.

  • Super Bowl Embraced ERM

    June 01, 2012

    Imagine being responsible for managing risks related to the NFL Super Bowl. With the millions of viewers drawn to this event each year, one shudders to think about an event occurring that shuts down the game or postpones it for a period of time. For the 2012 game, the Host Committee decided to embrace enterprise risk management (ERM) principles to help coordinate all the silos of responsibilities being assumed by the staff and the thousands of volunteers involved. A number of lessons can be drawn from this experience.

  • Sustainability:  Considerations that Can’t be Ignored from a Strategic Perspective

    May 17, 2012

    The topic of sustainability means a host of things to people. Many view it from a “going green” or “social responsibility” perspective. While there is value in considering sustainability related to those types of initiatives, boards and C-suites are finding greater strategic benefit in positioning their considerations of sustainability from a risk and opportunities perspective. They are trying to view sustainability from a lens that forces them to think how sustainability issues might affect the long-term viability of the entity’s business model. That is, they are seeking to integrate their sustainability thinking with their strategic planning and execution efforts. A recent MIT Sloan Management Review Research Report highlights emerging trends of how sustainability considerations are reaching a tipping point.

  • Lack of Senior Manager Support Impairs Risk Management

    May 01, 2012

    Here’s a new twist to “risk management”: one of the most damaging risks an organization may face is “management” itself. A recent article in Disaster Recovery Journal highlights the realities of how management’s attitude and embrace of risk management approaches can undermine the organization’s effectiveness at managing key risk events. Although many executives understand that risk management benefits everyone, not all share this view. The article outlines three categories of management that have a negative effect on an enterprise’s risk management strategies: management that ignores reasoned words, management that works against others’ efforts and management that is nonexistent in the execution of a plan.

  • How to Manage Risks Associated with Organic Growth Strategies

    May 01, 2012

    A sound approach to organic growth enables an organization to sustain itself through the toughest circumstances in the business environment. The authors of this Harvard Business Review article believe that organic growth strategy is most effectively driven by top-level executives; however, the authors also demonstrate that executive leaders commonly neglect their important role in organic growth, exposing their organizations to several areas of risk. This article discusses four specific risk areas created by a lack of executive leadership over organic growth efforts. The article then provides corresponding rules that executives can follow to overcome these risks and drive organic growth within their organizations.

  • How the NC State ERM Initiative Views ERM vs. Traditional Risk Management

    January 10, 2012

    If a business has its doors open, then it is managing risk in some way. However, that does not mean the organization has an enterprise-wide, holistic, and strategic approach to risk management. Unfortunately, for many organizations, risk management is done through a silo or stove-pipe approach where certain types of risks are managed in silos with little consideration of how risks might interact or impact other areas (silos) of the business. Dr. Mark Beasley, Deloitte Professor of ERM and Director of NC State’s ERM Initiative, describes the vision of the Enterprise Risk Management Initiative at NC State University, explains how enterprise risk management leverages work done in a silo or stove pipe approach to bring together risks from all across an enterprise so that boards and senior management have a better view of potential emerging risks most likely to impact the strategy of the organization.

  • Enterprise Risk Management and the Banking Crisis:  Lessons Being Learned

    November 02, 2011

    Many critics of ERM point to the banking crisis of 2008 and 2009 as an example that ERM does not work. Steve Dreyer, Managing Director and Practice Leader at Standard & Poors, explains how banks either weren’t practicing ERM correctly or didn’t have strong metrics in measuring their risk assessment. He speaks to how he believes banks were simply doing risk management in name only and they didn’t look at risks beyond a typical scope.

  • How ERM Differs from Traditional Risk Management?

    November 02, 2011

    Often times, corporations don’t see the value in adding additional processes in order to have an enterprise-wide view of risk management. Laurie Brooks, retired Chief Risk Officer at Public Services Enterprises Group and current board of director at Provident Financial Services, explains how looking at risk across business segments and from both the bottom-up and top-to-bottom perspectives can really help companies see what risks they need to monitor most. Ms. Brooks also speaks of considering velocity and ability to handle risks when assessing a risk profile.

  • The ERM Process at Xerium Technologies Part 2

    November 01, 2011

    Bonnie Hancock speaks with Fred Caloggero, VP of Audit Services at Xerium Technology, about the ERM process that he helps lead at the company. Many companies look at risk on a two scale plane, considering likelihood and impact; however, Xerium adds in the aspect of velocity – the speed of which a risk can be onset at a company. By looking at things like Key Performance Indicators and Key Risk Indicators, a company can be more aware of the velocities of various risks.

  • Webinar Featuring Insights from Two COSO Risk Oversight Reports

    February 09, 2011

    Listen to a one-hour webinar, ERM and Board Risk Oversight – A Tale of Two Surveys from COSO, that highlights key findings and insights from two recent COSO released survey reports on the current state of enterprise risk management. The webinar features Dave Landsittel, Chairman, COSO, Mark Beasley, Director of the ERM Initiative at NC State, and Jim DeLoach, Protivi Managing Director. Click here to listen to the webinar and click here to view the presentation.

  • Impact of Risk Management Failures on the Financial Crisis

    January 03, 2011

    A report released by The Financial Crisis Inquiry Commission presents findings and conclusions related to the causes of the current financial and economic crisis in the United States. Failures of corporate governance and risk management at many systemically important financial institutions are among key causes of the crisis, as concluded by the Commission.

  • Case Study Illustrations of Launching ERM

    December 21, 2010

    The AICPA’s Business, Industry & Government Team commissioned faculty in the ERM Initiative to develop case study illustrations of how organizations have successfully launched ERM. Case Studies on ERM Implementations: Practical Illustrations for Launching Effective Enterprise Risk Oversight takes readers directly into the experience of a company as it is starting ERM and details each step of initiating and implementing enterprise-wide risk oversight. The central case study highlights several practical illustrations for jump-starting ERM. The guide also includes two shorter case studies to further enhance your understanding of ERM implementation.

  • ERM Roundtable Summit Panel Discussion – The Value Proposition of ERM: Strategic or Compliance

    October 01, 2010

    The ERM Initiative at NC State University hosted a half-day ERM Roundtable Summit on October 1, 2010 in Raleigh, NC. Following the keynote speaker who provided an overview of ERM at Target Corporation (see separate summary), a panel of chief risk officers and ERM related experts discussed the topic: “The Value Proposition of ERM: Strategic or Compliance.” The panel featured four individuals with real-world experience and leadership involving ERM efforts at their organizations. Several themes emerged from the panel’s discussion that are summarized in the following abstract.

  • ERM Roundtable Summit- Enterprise Risk Management at Target

    October 01, 2010

    At the October 1st, 2010 ERM Roundtable Summit hosted by the ERM Initiative at NC State, Tony Heredia, Vice President of Corporate Risk and Responsibility for Target, Inc., provided an overview of ERM at Target, Inc. leading up to the fall of 2010. As a leading U.S. based retailer and ownership of the largest retailer credit card portfolio, Target, like its competitors, faces a variety of diverse risks on a daily basis.

  • How Did BP’s Risk Management Lead to Failure?

    July 01, 2010

    Recently, the news has been flooded with updates on the environmental impact of the BP oil spill on the gulf coast and the economic impact on businesses in the surrounding areas. Many are wondering: How could something like this happen? Why has it taken so long to fix? What was BP management thinking? The answers to these questions are centered on one element the financial world has been buzzing about since the financial crisis: risk management. This article points out the critical components of risk management that were absent at BP and compares them to the basic principles any company should employ to successfully manage risks.

  • Managing Uncertainty: Ten Considerations

    July 01, 2010

    The downfall of companies during the recent economic crisis seemed endless and unbiased. When the business world went in search of the reason, everyone kept coming back to the same topic: risk. Organizations weren’t properly understanding and managing risks leading to unforeseen catastrophes and missed opportunities. This article focuses on ten skills that are essential during uncertainty.

  • Balancing Risk Appetite and Strategy Execution

    July 01, 2010

    Good risk management involves making informed and rational decisions considering the risks the company wants to take in pursuit of its objectives and regarding the measures used to mitigate and manage risks. This publication explores how companies can effectively define risk appetite, risk tolerance, and risk targets to execute strategies and perform effective risk management to gain a competitive advantage.

  • Aligning Risk Appetite and Risk Exposure

    June 28, 2010

    The devastating effects of the global credit crisis can be linked to the failure of organizations to embed risk management within the foundation of strategic and operational processes. Now, increased pressures from all around call for an integrated and aligned approach to risk management. This white-paper explores how organizations can effectively align performance and risk management processes to not only reduce risk but also embrace opportunities.

  • Report on the Current State of Enterprise Risk Oversight: 2nd Edition

    February 01, 2010

    This second edition report from the ERM Initiative at NC State University and the AICPA provides insight on how boards and senior management teams are responding the challenges of risk oversight in the current economic state. Increased pressures to strengthen risk oversight have pushed some management teams to implement an enterprise-wide approach to risk management while other organizations have maintained their traditional risk management procedures. The report indicates that over 76% of respondents indicated that key risks are being communicated on an ad hoc basis at management meetings, and that almost 70% noted that management does not report the entity’s top risk exposures to the board of directors. About half (48%) admit that they are “Not at All Satisfied” or are “Minimally” satisfied with the nature and extent of reporting to senior executives of key risk indicators.

  • Global Risks

    February 01, 2010

    After the shock to the global financial system in 2008, global risks were brought to the forefront of risk discussions. Surprisingly, the risk landscape has not changed much. What has changed is the level of realization that global risks are tightly linked and that vulnerability is truly global. This report outlines some of the top issues that are most likely to come to the forefront of the global risk landscape and is intended to improve global understanding and cooperation in meeting these future risk challenges.

  • Enterprise Risk Management:  Is it Relevant to Government?

    February 01, 2010

    Regulatory agencies and investors alike have come to a consensus; they are demanding that corporations engage in a fundamental review of risk management processes and make necessary improvements to bring risks in line with stakeholder appetite. Although this focus to strengthen risk oversight has been vastly applied to corporations, it is important that governmental entities follow suit, given important expectations that exist for those organizations too. This brief article by Mark Beasley sheds light on how ERM can be considered from a governmental point of view.

  • Integrating Risks and Strategies to Foster Stakeholder Value Growth

    October 01, 2009

    Every strategy that an organization undertakes in order to grow stakeholder value has risks and opportunities associated with it. There can be opportunity encompassed in a strategic plan that will increase stakeholder value, but the pursuit for this opportunity also brings risks that may decrease stakeholder value. Unfortunately, most organizations today do not integrate these two aspects into their strategic planning process. This white paper outlines tools that will help boards maximize stakeholder value by incorporating opportunities and risks into the strategic planning process.

  • Risk Intelligent Governance: A Practical Guide for Boards

    August 20, 2009

    A recent whitepaper issued by Deloitte LLP provides practical guidance for boards of directors to follow when enabling and executing “risk intelligent” governance. This whitepaper provides approaches to create value by implementing effective risk governance and to integrate different organizational sectors so that risks can be communicated and addressed at an entity level. Rather than being a comprehensive framework or set of risk management rules, this guidance provides a means to provoke thought on risk governance and provide the board with a reference point for implementing the appropriate risk oversight and governance procedures.

  • The Future of Risk

    July 31, 2009

    The current economic downturn has caused companies everywhere to question their risk management process and investigate ways to upgrade their risk management efforts. As risk complexity has increased, so too has company spending on risk management. While some companies are committed to increase resources spent on risk management, a majority will attempt to increase risk management efforts with existing resources. This reality can be achieved by balancing risk, cost and value across the enterprise.

  • S&P Issues Progress Report on ERM Integration into Credit Ratings

    July 22, 2009

    Standard & Poor’s recently published a report detailing the focus of their discussions with rated companies regarding ERM and insights gleaned from these discussions to date. So far, ERM discussions have been conducted with over 300 rated issuers and the report shares the seven questions used as the basis for these discussions. An interesting preliminary finding is that few companies have leveraged their ERM programs to identify risky opportunities that they are well-positioned to capitalize upon - most companies are currently focused on identifying and managing downside risks.

  • Determining the Value of ERM

    July 01, 2009

    In the current economy, companies are under pressure to justify all major investments, including enterprise risk management (ERM). In this article, KPMG provides some common approaches for valuing ERM programs or ERM components. Placing a value on ERM can help companies realize the return of their investment through reduced costs, increased reputation, and improved decision-making.

  • ERM in an Economic Downturn

    July 01, 2009

    Risks are necessary for success, but the failure to manage those risks effectively often leads to a plethora of negative outcomes for an entity. In the current economic environment, it is becoming increasingly important for companies to proactively respond to risks through an enterprise risk management (ERM) approach. Along with the benefits of assessing and managing risks, ERM can also positively affect a company’s credit rating and corporate governance outlook.

  • Global Risk Management Survey

    June 01, 2009

    Risk management today is becoming increasingly important to the marketplace because of the financial instabilities felt by all. This turbulent atmosphere in the marketplace since the early part of 2008 has not only scrutinized the risk management practices of companies, but has proven that there is a significant need for effective risk management capabilities, which allow companies to consistently assess risk while identifying and monitoring emerging risks and reacting to them in a timely manner.

  • Internal Audit’s Role in Managing Reputation Risk

    June 01, 2009

    Reputational risks and corporate missteps are having more significant impacts on bottom lines and stakeholder perceptions of companies than ever before. Therefore, companies are recognizing the importance of reputational risk and placing a greater emphasis on reputational risk management. Internal audit departments can play a significant role in helping companies manage reputational risks through their advisory and monitoring efforts.

  • Risk Preparedness

    June 01, 2009

    Risk intelligence is a risk management philosophy focusing on the use of both risk avoidance and risk-taking to create value. While this article deals with risk intelligence, it focuses on the risk avoidance aspects as it discusses prudently preparing for the occurrence of negative events. By adequately planning for business disruption events, companies can become more resilient and recover from events more quickly, therefore gaining a competitive advantage in the marketplace.

  • Balancing Enterprise Risk Management and Enterprise Performance Management

    June 01, 2009

    Poorly planned and executed risk management capabilities contributed to the collapse, and they are likewise impeding the recovery as companies have shifted from taking too many risks to taking too few. Companies that are able to effectively balance enterprise risk management and enterprise performance management will have more robust risk management capabilities and be poised to make better decisions and drive improved company performance.

  • Reputation Management

    May 31, 2009

    Reputation management is critical to organizations and it continues to grow more complicated. Companies in the past could earn reputations as good corporate citizens by making philanthropic contributions without significant alignment with a business strategy. However, nonstop access to information, a lack of trust in business, and an increasingly broad base of stakeholders have increased the importance of reputation management to companies as well as changed the ways in which companies need to act to successfully manage their reputations.

  • Getting Risk Appetite Right

    May 01, 2009

    While the concept of a risk appetite framework is sound and can provide many benefits to organizations, many of these frameworks failed during the current crisis due to design and application problems. Organizations can learn from several key failings in risk appetite frameworks that were highlighted by the crisis. Though this article looks at risk appetite from the perspective of banks, the suggestions are applicable to many types of organizations seeking to improve their risk appetite framework.

  • Reputation Risk Management

    March 01, 2009

    A 2008 survey investigated the status of reputation risk management at different companies and found that companies are aware of reputation risks but may not be sufficiently managing these risks. There are several methods for managing reputation risks, including engaging with stakeholders, monitoring the content and volume of media coverage of the company, monitoring performance against external ratings or benchmarks, and crisis management. Ultimately, for reputation risk management to be successful, it should be integrated into broader risk management frameworks and reputation risk factors should become a key aspect of business decision making.

  • Companies Succeed During Downturn with ERM

    January 01, 2009

    In the four-part series “Managing in a Downturn” produced by The Financial Times, Russell Walker comments on the place for enterprise risk management in the current economic environment. Walker uses JPMorgan, Berkshire Hathaway, Honda and Toyota to show how enterprise risk management (ERM) as part of an overall business strategy can help prepare a firm for unexpected events like the credit crisis.

  • The Convergence of Enterprise Performance Management and Risk Management

    December 31, 2008

    Organizations can increase their probability of achieving strategic objectives by taking an integrated approach to deploying strategy and managing associated risks. The Performance/Risk Integration Management Model (PRIM2) provides a framework for organizations to consistently communicate and deploy strategies, proactively identify and manage inherent risks in the strategy, and ensure integration of strategic plans, risk management, and performance management in strategy execution. PRIM2 also provides real-time transparency into an organization’s operations, facilitating continuous alignment of strategy, risk management capabilities, and performance management. While the details of a PRIM2 infrastructure will vary across organizations, there are several core elements that should be incorporated in any PRIM2 framework. Implementation of a PRIM2 framework is intended to establish and maintain a balance between the enhancement and protection of an organization’s shareholder value.

  • Boards of Directors and Risk Management in 2009

    December 08, 2008

    There will be many pressures on boards of directors in 2009 given the current economic climate, and several of these pressures revolve around the issue of risk management. This “white-paper” memorandum examines risk management in the context of key issues facing boards in 2009, roles and duties of the board, and board committees and procedures. Boards will need to focus on oversight of risk management, possibly establishing a dedicated risk management committee at the board level. Boards should also ensure executive and director compensation policies are aligned with stakeholder interests and that those policies do not promote excessive risk-taking. Another key focus for boards will be balancing short-term and long-term interests, resisting undue pressure for positive short-term results and positioning their companies for long-term growth.

  • Understanding and Articulating Risk Appetite

    December 01, 2008

    Risk appetite, when properly understood and articulated, can be a powerful tool for managing risk and enhancing overall business performance by better aligning decision-making and risk. Many organizations have a need for increased clarity regarding their risk appetite and this article provides insights on formulating and defining risk appetites.

  • Enterprise Risk Management Benchmark Survey

    December 01, 2008

    Deloitte conducted a survey of 151 companies over 2006 and 2007 to gauge the current state of ERM implementation. The survey found that interest in ERM is growing, driven primarily by regulations. The status of ERM programs is such that the primary uses and benefits are in traditional risk management areas, with little integration into the business areas focused on growth where respondents expect to see benefits. Survey results indicate the biggest challenge to ERM is demonstrating its value to the organization. There were many findings related to ERM implementation according to industry, region, and listing status; ERM program organization; and ERM policies, processes, and systems. The survey demonstrated that many companies are implementing ERM but are not realizing its full potential because they are focusing on asset protection and have not yet moved to incorporating value creation in their ERM programs.

  • Contrasting Old and New Models of Risk Management

    November 30, 2008

    This article details the growing importance of ERM and contrasts ERM with old models for risk management to illustrate how ERM, if positioned correctly, can add value to companies today. ERM today is all encompassing, takes a team, requires management to set the mindset and culture of the company, is not all about insurance, requires partners in strategy development, is not a once-a-year exercise, and viewed through a wide-angle lens.

  • Preparing For S&P Integration of ERM

    October 01, 2008

    Standard and Poor’s (S&P) is integrating an evaluation of enterprise risk management (ERM) into corporate credit ratings beginning in 2009. S&P has considered ERM when rating financial institutions and insurance companies previously and decided to expand the consideration of ERM to all rated companies. This incorporation of ERM into the credit rating process signals that S&P believes that companies with strong ERM capabilities are a better credit risk. This article highlights key aspects of ERM that S&P intends to consider when evaluating ERM preparedness at organizations they evaluate.

  • Companies Employing an Entity-Wide Risk Management Program Better Prepared for Credit Crisis

    October 01, 2008

    The CFO Europe Research Services paired with ING Wholesale Banking to research chief financial officer’s opinions on the current credit crisis. More than 450 senior executives across Europe responded in the summer of 2008, to questions about market, operational, and financial threats to their companies in the summer. The major finding was that companies employing a structured entity-wide risk management program were much better prepared for the credit crisis and accompanying rising commodity prices. Most companies without an ERM system were taking steps to implement one.

  • Outsourcing and Offshoring Decisions - Taking a Risk Intelligent Approach

    October 01, 2008

    When initiating the use of outsourcing and offshoring, companies should take a Risk Intelligent approach. In doing so, companies can better mitigate risks that develop from outsourcing and offshoring and optimize the benefits from such contracts. Companies should follow the steps within the outsourcing and offshoring lifecycle to when making outsourcing and offshoring decisions.

  • Using Six Sigma Techniques to Improve ERM Systems

    October 01, 2008

    Enterprise risk management can be difficult to implement and improve upon in an organization due in part to measurement challenges. Using Six Sigma methodologies may offer internal auditors of organizations a new approach to more effectively implementing ERM. Six Sigma offers a scientific, data-driven, business improvement methodology that can be adapted to enhance ERM application in the areas of skilled employees, implementation tools, and value creation.

  • Managing Risks for Comparative Advantage: Five Steps to Better Risk Management

    September 01, 2008

    This articles highlights a five-step process to help companies make changes to better their approach to risk management in response to the developments occurring in the corporate approach to risk management: 1. Identify and understand your major risks; 2. Decide which risks are natural; 3. Determine your capacity and appetite for risk; 4. Embed risk in all decisions and processes; and 5. Align governance and organization around risk.

  • We Will Never Have a Perfect Model of Risk

    March 16, 2008

    Former chairman of the Federal Reserve Alan Greenspan discusses why both risk and econometric models will never reach perfection. Business cycles and surprising discontinuities attribute to imperfection. Though these models helped past crises, Greenspan notes that the most reliable forms of managing against economic failure are market flexibility and open competition.

  • NC State ERM Initiative Responds to S&P Request for Comment

    January 31, 2008

    The NC State ERM Initiative has responded to the request for comment issued by Standard & Poor's on their proposed expansion of ERM analysis to nonfinancial companies as part of their overall credit ratings process. The ERM Initiative strongly endorses the S&P proposal to incorporate ERM analysis as an important component of the credit ratings decision and a copy of the comment letter submitted to S&P on January 31, 2008 and the link to the original S&P request for comment are provided.

  • When Strategy and ERM Meet

    January 01, 2008

    This article describes the intersection of strategic business plans and enterprise risk management (ERM). Recent events concerning collateralized debt obligations (CDOs) and subprime mortgages revealed that some institutions were tempted by the higher yields without managing the higher risks. This article contains three approaches to connect a company’s strategy to its risk management efforts. The three approaches for effective strategic risk management are: (1) a strategic risk management process, (2) a process to identify and protect assets at risk, and (3) strategic risk monitoring and performance measurement.

  • The Evolution of Risk and Controls: Seeking Value Creation

    December 31, 2007

    KPMG partnered with the Economist Intelligence Unit to report on the evolution of risk and controls functions within organizations. This report contains findings of how companies are re-defining the roles and objectives of their risk and controls management. Based on a survey of 435 senior global executives over a cross section of industries, the report highlights the major finding that executives are increasingly trying to find ways to utilize risk management (ERM) as a value-adding activity and partner in business strategy, rather than a mechanized response to threats or ad hoc system designed to merely preserve business objectives. Boards and key stakeholders are placing greater demands on executives to show that risk and controls are making measurable, positive contributions to value creation. A variety of factors has contributed to this change in perspective: volatility of international business proceedings, changing regulatory environment, greater desire for improved cost and efficiency considerations, and the emergence of new business risks. The survey illustrates primary concerns of CEOs in the changing ERM environment and their increasing reliance on risk and control professionals to make strategic decisions. The survey’s questions and responses are cataloged in an appendix to the article.

  • Reputation Risk Management

    December 01, 2007

    Corporations have started to take notice of the importance of reputation risk management, particularly in the past decade. Since 2000, research concerning reputation risk has more than doubled. A use of a top-down risk management strategy, as prescribed in an enterprise risk management strategy, as well as concentration on stakeholders are key parts of successful reputation risk management.

  • Governance, Risk Management, and Compliance (GRC)

    September 01, 2007

    The article titled One for Three provides an interesting perspective for companies using automation for their governance, risk management, and compliance concerns. Governance, risk management, and compliance (GRC) software has quickly advanced as various industries try to hone in on the best way to manage risks, while at the same time addressing compliance and regulatory issues. Many companies spend a little over 8% of their information technology budget on compliance requirements. Disturbingly, some companies using GRC software admit they are not completely aware of what GRC involves and the full capabilities of the software.

  • Cultivating Risk Intelligence for Competitive Advantage

    June 01, 2007

    Risk intelligence requires organizations to consider both unrewarded risks, taken primarily for value protection, as well as rewarded risks, taken to drive value creation. Risk management has been increasing in importance in recent years, and as entities undertake risk management programs it is important to consider both aspects of risk in order to maximize the value of these activities. Several characteristics of a risk-intelligent enterprise are described as well as several steps organizations can take in order to increase their risk intelligence.

  • Integrating SOX and ERM- Truths and Myths

    April 01, 2007

    For most organizations, the efforts being made to meet compliance regulations are not tied to current ERM processes. Procedures should be put in place to integrate compliance functionality into existing risk management plans.

  • Managing Reputation Risk

    February 01, 2007

    Reputation is very important to most organizations, yet many companies do a poor job of managing risks to their reputation. Too often, companies focus their energy on addressing threats to their reputation that have already surfaced instead of proactively searching for potential reputation risks on the horizon.

  • ERM Business Drivers

    February 01, 2007

    Forrester recently published an article by Michael Rasmussen titled, Business Drivers for Enterprise Risk Management, detailing why companies struggle with implementing and managing a successful enterprise risk management (ERM) program. Groups such as the Open Compliance and Ethics Group and the Professional Risk Managers’ International Association have been established to provide help.

  • How Managing Political Risk Improves Global Business Performance

    December 31, 2006

    A study was completed by PricewaterhouseCoopers Advisory and Eurasia Group dealing with political risk and how it affects multinational companies. The results of the study showed that multinational companies are not happy with how political risk is being managed. This is an unfortunate situation because political risk affects how companies protect their investments and assess new opportunities. PwC believes that by using an integrated approach based on the COSO model, companies can improve their management of political risk.

  • Managing the Unexpected

    September 25, 2006

    The Quarterly Journal of the EDS Agility Alliance recently published an article titled, Unwelcome Surprises, that discusses the dangers that can evolve from having a decentralized business structure that does not promptly alert upper management of potential dangers. Not knowing the outcome of future events makes the management of risks seem impossible.

  • ERM – UnitedHealth Group

    July 01, 2005

    UnitedHealth Group has implemented ERM within the organization to help identify risks and alleviate negative exposures while profiting from positive opportunities. ERM implementation at UnitedHealth Group evolved out of their Business Risk Management processes used in their six diverse operating businesses.