• Managing Supply Chain Risks for Conflict Minerals

  September 15, 2012

  The Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 places new regulations on companies reporting to the SEC. In particular, Section 1502 of the Dodd-Frank Act concerns the use of conflict minerals in manufacturing supply chains. SEC issuers must now perform due-diligence on their supply chains in order to determine and disclose whether or not their manufactured products contain conflict minerals. This KPMG report is the first publication in a four-part series on Section 1502 of the Dodd-Frank Act. In the report, KPMG discusses how companies can begin to build a framework for compliance and risk management with regard to conflict minerals and the supply chain in general. KPMG believes that companies will reap significant future benefits by gaining a better understanding of supply chain risks now.

• Increasing Percentages of Organizations are Embracing Enterprise Risk Management

  July 01, 2012

• Managing Levels of Innovation Risk

  May 01, 2012

  The highly competitive landscape and the rapid pace of change means organizations must continually seek to innovate to survive and grow. For many, their rush to get new innovations to market overlooks critical risks that threaten the success of those initiatives. More organizations are seeing first-hand how difficult of a task it is to mitigate innovation risk. A recent Harvard Business Review (HBR) article highlights how organizations can, through the balance of diversifying and appropriately focusing efforts within their innovation portfolios, achieve higher returns over their long-term innovation investments. The authors of this article discuss issues dealing with managing innovation and ways to initially guide management.

• Risks Associated with Product Development

  May 01, 2012

  With over 50 years of experience in advising companies on product development efforts, the authors of this Harvard Business Review article present six flawed assumptions that bring rise to risks associated with product development. Product development managers often follow conventional assumptions to execute their projects effectively and efficiently based on the belief that these lead to the most productive approach. But often, risks associated with product development rise due to fallacies in these assumptions causing major delays, glacial progress, and costly failures.

• Learning from Duke University’s Enterprise Risk Management Process

  March 01, 2012

  A place where ERM hasn’t been embraced as quickly in the corporate world is academia. However, that may be changing as major universities such as Duke and the University of Washington have begun to develop robust ERM processes. Though the functions of universities range from education to athletics and vary from school to school, the lessons learned by Duke, can not only be applied to academia, but also to other organizations looking to implement ERM in their business.

• Special Report: Risk Lessons from the 2011 Japan Earthquake Disaster

  January 01, 2012

  In the Global Risks 2012 report, the World Economic Forum features a special report on the Great East Japan Earthquake of March 2011. The special report highlights some lessons learned from the crisis that can be applied by governments and businesses. Some of the lessons include the necessity of redundancies for risk resilience, the value of adaptive leadership, and the importance of timely communication during a risk event.

• The World Economic Forum’s Global Risks 2012 Report

  January 01, 2012

  The World Economic Forum’s seventh edition of the Global Risks 2012 report details the survey results of 469 global experts from different sectors. The experts ranked the likelihood and impact of 50 global risks that are major concerns of governments, businesses, and other groups. The risks are divided into five categories namely economic, environmental, societal, geopolitical, and technological risks. The report surveys global experts and aims to provide the survey results to assist political, business and other world leaders to be aware of the current global risks that need to be managed timely and effectively.

• Increasing Risk Awareness for Mission Critical Objectives of Not-for-Profit Organizations

  April 26, 2011

  Even though risk management is in the spotlight among for-profit organizations, effective risk oversight is needed for not-for-profit organizations, too. A whitepaper published by the AICPA highlights the relevance of risk oversight and importance of developing an enterprise view of risks in not-for-profit organizations.

• A Survey of Global Risk Management in a Changing Environment

  February 01, 2011

  After the recent global financial crisis, many economies and financial markets around the world appear to be strengthening. However, serious concerns still exist as organizations are not returning to the same environment, but rather one that is constantly changing. That reality is causing many organizations to change their risk management approach. Deloitte recently conducted a survey of financial institutions in an effort to understand the state of risk management in this new environment. Though the survey analyzes the financial industry, this white paper is applicable to many different types of organizations.

• Enterprise Risk Management in Higher Education

  January 03, 2011

  A recent Association of Governing Boards of Universities and Colleges and United Educators survey raises concerns that higher education is lagging behind other industries in considering risks as part of the strategic planning process. Since the release of the 2009 survey, the challenges that colleges and universities now face have only increased as financial resources tied to endowments, and federal, state, or local funding have shrunk. Unfortunately, with the challenge of managing these very real financial pressures takes the attention of most university leaders, the reality that new strategies being deployed are leading to new and different types of risks never seen before in the university setting may be going unnoticed. A recent Grant Thornton thought paper notes that now, more than ever, institutions of higher learning need to strengthen their enterprise-wide risk oversight as they enter new and different strategic territories.

• Intensifying Dialogue on Risk and Strategy: A Banking Perspective

  November 15, 2010

  Technologies, products, and institutions are constantly becoming more complex, which ultimately increases the risks that organizations face. During recent economic crisis, the banking industry has experienced this first-hand. This white paper provides an analysis of how banks are improving their risk governance through enhanced dialogue of risk and strategy between the Board of Directors and management. Though this white paper contains a research study conducted on the banking industry, it is still applicable to other types of organizations.

• Risk Management in Higher Education

  November 22, 2009

  Christine Eick began her job as risk manager at Auburn University over fourteen years ago, when she had just one employee. Currently, the risk management department at Auburn has more than thirty staff members and a $2-million budget. Similar to Auburn, many other universities have built-up their risk management infrastructure in order to prevent high-profile mishaps, such as fatal fires or school shootings. In addition to an effort to decrease liability, colleges are also strengthening risk management to ensure compliance with various state and federal regulations in safety and environmental health. As universities seek to address emerging problems before they become a reality, risk management departments are becoming more common in higher education, potentially making universities safer for all those on campus. A growing number of universities are expanding their thinking about risk management to embrace a more holistic, enterprise-wide view of risk oversight in order to protect the reputation of the university and to achieve its core mission.

• The State of Enterprise Risk Management at Colleges and Universities

  July 01, 2009

  A survey was conducted in June 2008 of over 600 presidents and chancellors, CFOs, governing board members, chief academic officers, and risk managers from private and public colleges and universities of varying sizes. Key survey findings indicate there is significant room for improvement in enterprise risk management at higher education institutions. Best practices and action steps institutions can take to improve their enterprise risk management efforts are discussed. Additionally, a sample worksheet is provided to help higher education leaders begin the systematic risk assessment process in their institutions.

• Global Risk Management Survey

  June 01, 2009

  Risk management today is becoming increasingly important to the marketplace because of the financial instabilities felt by all. This turbulent atmosphere in the marketplace since the early part of 2008 has not only scrutinized the risk management practices of companies, but has proven that there is a significant need for effective risk management capabilities, which allow companies to consistently assess risk while identifying and monitoring emerging risks and reacting to them in a timely manner.

• The Top Ten Risks for Global Business in 2009

  January 01, 2009

  This report compiles views of industry commentators, sector experts, and Ernst & Young practice professionals as to the major business risks facing “leading global firms” in each of their sectors. The risks identified as the top ten risks for global business in 2009 were rated as having the greatest impact across the largest number of sectors, and these risks will likely do the most to influence markets and drive corporate performance in the coming year. Several of the top ten risks identified were on the list last year: the credit crunch, regulation and compliance, radical greening, cost cutting, and executing alliances and transactions. Three of the top ten risks, non-traditional entrants, managing talent, and reputation risks, moved up from lower rankings the previous year. There were also two new risks that were not identified last year, deepening recession and business model redundancy.

• Costs Associated with Regulatory Risks

  December 31, 2008

  A significant portion of an organization’s enterprise risk management efforts in both time and dollars may be spent on compliance and regulatory risks. Compliance with federal regulations cost approximately $1.157 trillion in 2007. There were 159 economically significant rules under consideration in 2007, each having an estimated cost of at least $100 million annually. Regulatory compliance costs are important to all businesses, but can be higher per-employee for small businesses since some costs are imposed regardless of size. Federal regulations provide a means of funding government programs without using tax dollars, essentially becoming a form of off-budget taxation that minimizes public scrutiny. The significant impact of these regulatory compliance costs and their overall lack of visibility suggest a need for increased disclosure, transparency, and accountability related to federal regulations.

• ERM in Academic Institutions

  December 01, 2008

  Academic institutions tend to manage risks in organizational silos, as is common in many businesses. By implementing ERM, an academic institution can benefit from an enterprise-wide identification and assessment of risks which can be used to refine the strategic planning process. Taking an ERM approach improves management’s decision making when a risk’s impact and likelihood are considered.

• Emory University’s ERM Implementation

  December 01, 2008

  Leaders at Emory University began an ERM program to improve the university’s ability to manage risks, prepare for adverse events, improve principles and practices related to financial controls, and to communicate with managers across the university about key issues. The ERM effort was endorsed by the executive committee and the process was developed by an ERM steering committee, which consisted of operational vice presidents and senior administrators. Emory did not find an ERM model in higher education or one offered by consultants that suited its goals for ERM, so it began its efforts with a bottom-up inventory of operational risks.

• S&P’s ERM Reviews for Non-Financial Issuers – Where Do We Stand?

  December 01, 2008

  Beginning in the third quarter of 2008, Standard & Poor’s credit review process of nonfinancial companies now includes an evaluation of the organization’s management of enterprise risk programs as a component of management effectiveness. The credit reviews focus on an evaluation of the risk management culture within the organization and an investigation of the strategic use of risk management data. This AICPA Audit Committee Brief describes the ERM assessment processes and methodology employed by the S&P in evaluating risk management programs in non-financial issuers.

• Embedding ERM: 2008 Global Insurance Sector Survey Results

  October 27, 2008

  More than 350 Chief Financial Officers, Chief Actuaries and Chief Risk Officers responded to a global ERM survey of the insurance industry which found that European insurers are more advanced in ERM implementation than insurers in North America and Asia. Large insurers are more advanced in most aspects of ERM implementation. Economic capital standards are emerging for risk measurement, with a shift toward using a one-year value at risk approach.

• Model Risk Management for Financial Service Firms

  July 01, 2008

  The topic of model risk management currently stands at the forefront of risk management for many financial service firms. During these uncertain times, many challenges have arisen with regards to model risk management. This article in Bank Accounting and Finance discusses what has recently made model risk management important, the challenges that this area currently faces, as well as provides guidance for addressing these challenges.

• Does ERM Matter?: Enterprise Risk Management in the Insurance Industry

  June 01, 2008

  The recent upheaval in the banking industry, which is heavily regulated and an early adopter of enterprise risk management (ERM) strategies, has caused other businesses to question the efficacy of an ERM program. A recent study by PricewaterhouseCoopers, LLP makes it apparent that ERM is not fully embedded in many businesses. Failing to consider risk in business decisions makes it unlikely that businesses will achieve their ERM objectives, and increases the difficulty of realizing strategic objectives.

• ERM in Higher Education

  September 01, 2007

  This document provides guidance for the embrace of Enterprise Risk Management (ERM) in Higher Education. While this is not a step-by-step guide on how to implement ERM at any specific institution, it does provide a good overview of the ERM process, where to begin, and best resources available for structuring and implementing an ERM framework. The document also summarizes examples of ERM at several institutions of higher learning.

• Insurance Companies’ ERM Ratings

  July 16, 2007

  Standard & Poor’s has spent a significant amount of time developing criteria for and measuring the effectiveness of insurance providers’ enterprise risk management (ERM) systems. Recently, they have focused on European insurance companies. They find that the state of ERM practices in Europe may best be described as adequate for a large majority of European insurers.

• ERM at the Federal Reserve Bank of Richmond

  March 31, 2007

  This is an examination of an implementation of an ERM discipline in one of the Federal Reserve Banks. It demonstrates a possible model where financial performance targets are not the primary measures of success. The Federal Reserve Bank of Richmond’s ERM approach captured risk within each functional area and then assessed those risk events in terms of both functional and then corporate objectives. Private sector organizations look at threat to value (net worth, revenue, etc.). Public sector firms usually have non-financial objectives. Since measures of success are different, ERM models should be different.

• Insurers Discover ERM Isn’t Just for Banks Anymore

  June 01, 2006

  The Conference Board issued a July 2006 research report, “The Role of U.S. Corporate Boards in Enterprise Risk Management,” that provides insights about board of director perspectives on their role in overseeing enterprise risk management processes at organizations where they serve. Mark Beasley, NC State’s ERM Initiative Director, served as a member of the Advisory Board for the Project. Based on a research approach that involved personal interviews with 30 board members, analysis of Fortune 100 board committee charters, and a broad survey of 127 board members, the report finds that while ERM processes have improved in some companies, directors serving on multiple boards reported significant variations in the quality of risk dialogue and fewer boards seem to have well-established risk processes. Only 54% have clearly defined risk tolerances and only 47.6% of the boards rank key risks. Almost 50% of the directors would like to see more data analysis related to the company’s risk profile.

• ERM – UnitedHealth Group

  July 01, 2005

  UnitedHealth Group has implemented ERM within the organization to help identify risks and alleviate negative exposures while profiting from positive opportunities. ERM implementation at UnitedHealth Group evolved out of their Business Risk Management processes used in their six diverse operating businesses.

• The Orange Book: Management of Risk – Principles and Concepts

  October 01, 2004

  The original Orange Book was published by the British government in 2001 to promote more robust risk management practices in government sectors. Since 2001, organizations have begun to now have basic risk management processes in place. The risk management challenge is no longer in the initial identification and analysis of risk and the development of the risk management process. Rather, the challenge today is in the ongoing review and improvement of risk management. Thus, the British government issued this 2004 revision of The Orange Book to include more advanced guidance, such as the importance of “horizon scanning” (a systematic activity designed to identify indicators of changes in risk). This document also examines how the organization’s risk management activities relate to the wider environment in which it functions.

• Using Technology to Support ERM:  A Case Study

  December 31, 2003

  Companies face added complexity to overall risks threatening an enterprise. Management needs a risk management program that is complete and proactive toward risk. This article highlights steps that Zions Bancorporation took to develop an application to facilitate risk management.

• Business Risk Management in Government

  October 01, 2000

  While risk management is well-established in the private sector, no generic risk management approaches are available for government entities. Due to potential pitfalls that exist in government practices, it is not feasible to simply apply private-sector risk management guidance directly to the public sector. Government risk management should focus on systemic risk in order to prevent the blame-shifting that is often present in the government sector.

Sub Navigation

ERM Resources

• Resources
• Articles
• ERM Video Library
• Books
• Conferences
• Webcast
• Organizations
• ERM Roundtable Summaries