Articles: Miscellaneous ERM Topics

  • Using Collaboration Risk Management to Recognize Emerging Risks

    March 01, 2013

    PricewaterhouseCooper recently published a research paper on systemic risk trends. The authors of the paper shed light on the many issues related to the risk mitigation capabilities of businesses for minimizing the effect of systemic, or emerging, risk. As a result, they also found the similarities of strategies that successful companies use to thrive through major adverse events. The authors proffer that companies must integrate emerging risk management strategies into overall business strategies as well as considering collaborating with important partners to share risk information. The more companies anticipate and allocate resources to mitigating emerging risks, the better position they will be to capitalize on emerging upside risk.

  • Q & A: Controlling Spreadsheet Risk

    January 10, 2013

    Spreadsheets are widely used in today’s business environment, and rightly so – they provide users with a powerful, flexible solution for getting things done. However, there is a difficult truth about spreadsheets: as they become more prevalent and more complex in their functionality, spreadsheets can generate significant risks for any organization if not properly managed. This publication from Protiviti Inc. delves into the topic of spreadsheet risk with answers to over fifty frequently asked questions about spreadsheets. Collectively, these answers provide guidance for evaluating and controlling spreadsheet risk.

  • Managing Disruptions by Bifurcation

    December 01, 2012

    Proactively managing risks gives managers viable strategies when opportunities or threats emerge. However, even the most proactive companies experience an event or events that require reactions from management. At times, this process involves reinventing the company’s business model while divesting or disowning what made it successful. The authors of a recent Harvard Business Review paper argue that companies can diversify risk and capitalize on disruptions by bifurcating their strategies: a market-adaptive model that repositions its legacy business while also developing a new growth model that is forward-looking. Even though the strategies are divergent, companies should manage them in such a way that they share resources to create synergies in what the authors call “capabilities exchange”.

  • Managing the Risk of Disruptive Innovation

    December 01, 2012

    Organizations often find themselves surprised by a competitor’s announcement of a new innovation. Such announcements can be hugely disruptive, and they hit the competitive environment in many forms, such as a new revolutionary business model, a completely new technology, or a new spin on an existing product or service. A December 2012 article in Harvard Business Review discusses the threat of disruptive innovation. A new product offering or a novel business model from a competitor is enough to upend any existing business and change the face of a particular market indefinitely. However, organizations can manage the risk of disruptive innovations by being proactive in regards to evaluating their own business models and those of competitors. In this HBR article, Wessel and Christensen present their approach for assessing and strategically managing the risk of disruption.

  • Internal Audit’s Role in Risk Management

    October 02, 2012

    Michael Somich, Executive Director of Internal Audit at Duke University, discusses with Dr. Mark Beasley his views about the role internal audit should play within an organization’s ERM process. He shares insights from his experiences of leading the launch of the ERM initiative at Duke University while also serving as the general audit executive.

  • Chief Risk Officer vs. Risk Committees

    October 02, 2012

    A major stumbling block companies run into when beginning their ERM journey is whether to have one risk champion (CRO) or have a committee that handles risk oversight. Paul Zavolta, Director of ERM at Alpha Natural Resources, tells how Alpha Natural Resources uses both and discusses the importance of having individuals in risk leadership positions who possess strong people skills in addition to their technical expertise. He also goes into how he wishes he had risk management education as a college student and how that would have helped him throughout his career.

  • Applying “Big Data” to Risk Management

    October 01, 2012

    “Big data” is quickly building a following as a useful tool for helping managers make decisions. But what exactly is big data, and is its use actually beneficial to a business? This article from Harvard Business Review answers these two questions and more. The authors explain why digital data is perhaps more useful than ever before, and also provide real-life examples of companies using big data to make better decisions. The article also discusses five ingredients that are critical to using big data successfully in any company. Ultimately, big data could provide managers with insights into the risks facing their organizations.

  • Managing Risks of Innovation

    October 01, 2012

    Managers attempting to streamline a global innovation project generally do so while haphazardly managing risk. The reason for rushing projects is either lack of available employees, desires for a faster time to market, or using methods that worked at single location innovation projects. When management fails to spend the time necessary to build global innovation capabilities it could be more costly and more risky to make changes in the future when the change is out of necessity. A recent Harvard Business Review article offers ten guidelines to ascertain that a global innovation project has been organized and managed correctly to ensure its effectiveness.

  • Four Steps to Better Statistical Performance Measures

    October 01, 2012

    Managers hinder their performance insight by focusing on sexy performance metrics that may be persistent but not predictive, and vice versa. These popular key performance indicators (e.g., EPS growth) are loosely connected with long term value creation, based on empirical research. By using the author’s method for determining a measure that is both persistent and predictive, the company will enhance both past and future performance insight and management may be in a better position to identify risk areas that are more closely connected with strategic objectives such as shareholder value.

  • Managing Risks of the Mobile Enterprise

    October 01, 2012

    Mobile devices are becoming more and more integral in the workplace today, as they are used for field work, file-sharing, and business processes. With the widespread use of mobiles, and the delicate intertwined relationship of such devices with both personal and professional lives, substantial number of risks arise that need to be managed properly in order to reap the benefits of these devices. To help organizations think about risks associated with the use of mobile devices, the Security for Business Innovation Council (SBIC) has issued an in-depth analysis of consumer mobile devices in the enterprise along with various risks that arise with the evolving technology. Furthermore, the report also provides various recommendations to manage such risks effectively over time. The following provides a summary of the report.

  • Managing Supply Chain Risks for Conflict Minerals

    September 15, 2012

    The Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 places new regulations on companies reporting to the SEC. In particular, Section 1502 of the Dodd-Frank Act concerns the use of conflict minerals in manufacturing supply chains. SEC issuers must now perform due-diligence on their supply chains in order to determine and disclose whether or not their manufactured products contain conflict minerals. This KPMG report is the first publication in a four-part series on Section 1502 of the Dodd-Frank Act. In the report, KPMG discusses how companies can begin to build a framework for compliance and risk management with regard to conflict minerals and the supply chain in general. KPMG believes that companies will reap significant future benefits by gaining a better understanding of supply chain risks now.

  • Minimizing Risks through Creative Strategy Setting

    September 01, 2012

    Strategic planners often go through a rigorous process of extensive analysis of past performance and forecasts to come up with a robust strategic plan. They attempt to check their biases, preconceived notions, and judgments during this process. However, the reality of the outcome of its execution of strategy provides little comfort on the efficiency of the strategic planning process and in identifying the risks associated with that strategy. This article from the Harvard Business Review recommends a “truly scientific” approach to strategic planning by providing seven key steps for leaders to consider while designing strategies so that they may be in a better position to address risks proactively as the strategy is built rather than after the strategy’s execution. In this way, organizations are better positioned to identify risks before they emerge, thereby enhancing the likelihood of strategic success through more effective risk oversight.

  • Mature Risk Management Drives Financial Performance

    July 27, 2012

    In a recent survey, Ernst & Young assessed the maturity level of risk management practices and found a positive relationship between risk management maturity and financial performance. It was revealed that specific risk practices were consistently present in the top performers (i.e., top 20% based on risk maturity), but were not present in the bottom 20%. The survey report organizes these practices into specific risk components the firm believes are critical to transforming risk management and driving better business performance.

  • Super Bowl Embraced ERM

    June 01, 2012

    Imagine being responsible for managing risks related to the NFL Super Bowl. With the millions of viewers drawn to this event each year, one shudders to think about an event occurring that shuts down the game or postpones it for a period of time. For the 2012 game, the Host Committee decided to embrace enterprise risk management (ERM) principles to help coordinate all the silos of responsibilities being assumed by the staff and the thousands of volunteers involved. A number of lessons can be drawn from this experience.

  • Preparing for a Corporate Crisis Before Significant Risks Materialize

    June 01, 2012

    A recent article from Practical Law The Journal offers boards guidance on preparing and responding to a corporate crisis. A lack of proper planning can make both managing crisis situations more difficult and possibly lead to more damage. The article discusses five steps the board and management can adopt to better prepare for a crisis once a significant risk materializes. A strong board culture is also highlighted as an important factor in responding to a crisis. Strategies are offered for promoting an effective board culture.

  • Lack of Senior Manager Support Impairs Risk Management

    May 01, 2012

    Here’s a new twist to “risk management”: one of the most damaging risks an organization may face is “management” itself. A recent article in Disaster Recovery Journal highlights the realities of how management’s attitude and embrace of risk management approaches can undermine the organization’s effectiveness at managing key risk events. Although many executives understand that risk management benefits everyone, not all share this view. The article outlines three categories of management that have a negative effect on an enterprise’s risk management strategies: management that ignores reasoned words, management that works against others’ efforts and management that is nonexistent in the execution of a plan.

  • How to Manage Risks Associated with Organic Growth Strategies

    May 01, 2012

    A sound approach to organic growth enables an organization to sustain itself through the toughest circumstances in the business environment. The authors of this Harvard Business Review article believe that organic growth strategy is most effectively driven by top-level executives; however, the authors also demonstrate that executive leaders commonly neglect their important role in organic growth, exposing their organizations to several areas of risk. This article discusses four specific risk areas created by a lack of executive leadership over organic growth efforts. The article then provides corresponding rules that executives can follow to overcome these risks and drive organic growth within their organizations.

  • Understanding and Communicating Risk Appetite

    February 01, 2012

    Risk appetite, as defined by COSO, is the “amount of risk, on a broad level, an organization is willing to accept in pursuit of value.” While the overall concept of risk appetite makes sense, organizational leaders find it difficult to find practical ways to articulate the organization’s appetite for risk-taking. As a result, risk appetite is often not discussed in many organizations. However, many are realizing that as their ERM processes mature, they need to tackling articulating risk appetite. Developing and articulating risk appetite needs to be engrained into the culture of an organization.COSO has developed this thought paper on Risk Appetite to provide practical illustrations of effective ways boards and senior executives can identify and communicate its appetite for risk taking across the enterprise.

  • Twelve Areas of Risk a Board Should Consider

    February 01, 2012

    In today’s dynamic business environment, the only constant for an organization is that it will be forced to change on a regular basis. A recent thought paper by Deloitte examines some of the top challenges facing companies and their boards in the ever-changing environment in which their organizations operate. The document highlights twelve key considerations boards should evaluate and provides food-for-thought in how they can help management navigate the uncertainty ahead.

  • Special Report: Risk Lessons from the 2011 Japan Earthquake Disaster

    January 01, 2012

    In the Global Risks 2012 report, the World Economic Forum features a special report on the Great East Japan Earthquake of March 2011. The special report highlights some lessons learned from the crisis that can be applied by governments and businesses. Some of the lessons include the necessity of redundancies for risk resilience, the value of adaptive leadership, and the importance of timely communication during a risk event.

  • The World Economic Forum’s Global Risks 2012 Report

    January 01, 2012

    The World Economic Forum’s seventh edition of the Global Risks 2012 report details the survey results of 469 global experts from different sectors. The experts ranked the likelihood and impact of 50 global risks that are major concerns of governments, businesses, and other groups. The risks are divided into five categories namely economic, environmental, societal, geopolitical, and technological risks. The report surveys global experts and aims to provide the survey results to assist political, business and other world leaders to be aware of the current global risks that need to be managed timely and effectively.

  • Compliance, Ethics and Enterprise Risk Management

    October 17, 2011

    Carlo V. di Florio, the Director of Office of Compliance Inspections and Examinations at the SEC spoke about the relationship between compliance, ethics and ERM. He made his speech at the National Society of Compliance Professionals (NCSP) National Meeting in October 2011. The speech outlined the importance of ethics in compliance and ERM exercises. It also presented ten elements of effective ethics, compliance and ERM programs. The speech also emphasized the need to clarify an organization’s five lines of defense namely the business, key support functions, internal audit, senior management, and the board of directors.

  • Audit Committees Concerns About IT Risks

    October 01, 2011

    KPMG’s Audit Committee Institute recently published its 2011 Public Company Audit Committee Member Survey Report. This report covers the most prevalent issues audit committees would like allocate more attention to over the coming year. One of the concerns that are at the top of their list is the oversight of IT risks and emerging technologies. There is a strong desire among audit committees to improve the quality of information concerning these risks.

  • Better Management of Complexity in Business

    September 01, 2011

    Companies continue to experience increasingly complex risks and business processes. This Harvard Business Review article argues that to manage the evolving complexity, managers and decision makers need to use different approaches than those used to address complicated systems. Complicated systems operate in patterned ways and they produce predictable outcomes. In contrast, complex systems have parts whose interactions are continually changing and are producing unpredictable outcomes. Failure to manage the risks of complex systems appropriately results in expensive mistakes.

  • Business Leaders and Global Capitalism Risk

    September 01, 2011

    The global spread of market capitalism has provided considerable wealth creation. However, there are concerns regarding how the global market system is currently functioning and these issues must be addressed to prevent disruption of the system. This Harvard Business Review article addresses why global capitalism is at risk and discusses how business leaders can take a more active role in protecting and improving global market capitalism. In particular, businesses must lead as both innovators and activists for market capitalism to prosper.

  • Being Aware of Catastrophic Risks

    September 01, 2011

    Catastrophic risks are always with companies. They can be destructive as well as be the result of a poor decision or lack of making a decision. The consequence associated with making a poor decision demands a risk analysis process that emphasizes having the courage to act in a manner that may be counter to the company’s and board’s expectations. This article discusses a three-part strategy that, with consistent use, aides in the avoidance of catastrophic events. Also provided are examples of well-known decisions that ended in catastrophe that could have been avoided with better pre-event risk analysis.

  • Risk Identification through “Rooted Maps”

    August 01, 2011

    This article published by the McKinsey Quarterly introduces “rooted maps” to help executives adjust their thinking in regards to developing global strategies. These maps, which depict the world from a specific perspective and purpose, reveal the impact that borders, distances, and differences in culture and policy have on a company. The article also addresses how executives can connect this tool to thinking about looming risks.

  • Managing Social Media Risks

    July 01, 2011

    As organizations realize the potential of social media to positively benefit their marketing and advertising strategies, they are also aware of potential risks. In a white paper published by Crowe Howarth LLP, the authors outline sources from which social media risks can originate and provides a six-step approach that an organization can use to create an effective social media risk management strategy.

  • Does Reliance on Board Subcommittees Lead to Silo-Risk Management?

    June 14, 2011

    Most boards of directors create subcommittees to manage certain types of board oversight responsibilities. Most boards have audit committees to oversee the financial reporting process and compensation committees to oversee senior executive compensation plans. Other committees might include nominating committees, compliance committees, and in certain industries, risk committees. As responsibilities for boards continue to increase, the agendas of both the full board and their subcommittees are becoming increasingly large and complex. A recent article in Directorship raises the concern that the creation of subcommittees and their related committee charters are leading to more silo-ed oversight of risks whereby certain categories of risks are managed by specific committees leaving little opportunity for the board as a whole to obtain an enterprise-wide or aggregate view of the entity’s most significant risks. The author encourages boards to engage in “risk mapping” to ensure the board has a sufficiently comprehensive view of the entity’s most significant risk exposures.

  • Design to Embrace Failures

    April 29, 2011

    Failure is unavoidable in uncertain environments, but organizations can benefit from planning and learning from mistakes. A Harvard Business Review article highlights how failures can provide useful learning opportunities and discusses seven principles to help design an organization that embraces intelligent failure. Intelligent failure, or learning through failures, can improve skills, agility, and risk-taking in organizations.

  • Homeland Security Risk Management Fundamentals

    April 01, 2011

    The Department of Homeland Security (DHS) plays a critical role in leading a unified effort in the management of the diverse and complex set of risks facing the United States. To strengthen capabilities in fulfilling its mission, DHS has created a Risk Management Fundamentals to provide a structured approach for the distribution and use of risk information and analysis efforts across the Department. The publication lists key principles, discusses approaches, and explains the process of effective risk management intended for DHS organizations and personnel to adopt.

  • Keeping Track of “Near Misses”

    April 01, 2011

    Organizations often find themselves praising the narrow escape of a potentially massively harmful event. An article in The Harvard Business Review describes how your organization can benefit from not simply marking these narrow escapes up to good luck but instead using the circumstances involved to prevent you from being put in the same situation some point in the future. The article highlights seven key strategies your organization can use to keep track of the near misses and use that information to capitalize on preventing major harm from occurring at your organization.

  • Why Learning from Success Can be Challenging

    April 01, 2011

    Learning from failures is equally important as learning from success. However, learning from success presents greater challenges, as good performance makes us less reflective and inquisitive about the factors that ultimately led to success. An article published by the Harvard Business Review highlights three impediments to learning from success and strategic approaches to overcome the challenges.

  • Impact of Risk Management Failures on the Financial Crisis

    January 03, 2011

    A report released by The Financial Crisis Inquiry Commission presents findings and conclusions related to the causes of the current financial and economic crisis in the United States. Failures of corporate governance and risk management at many systemically important financial institutions are among key causes of the crisis, as concluded by the Commission.

  • Increasing Complexity Creates Challenges for Risk Management

    January 03, 2011

    Managing complexity is quickly becoming one of the greatest challenges for large organizations today. A whitepaper published by KPMG presents findings related to a study of the causes and impact of complexity affecting large companies. The pace of change and global interconnections in business have resulted in increasing complexity, creating significant risk management challenges for companies. Increased risks to manage emerged as one of the greatest challenges created by complexity, according to the study.

  • Shareholders Push Boards to Manage Social and Environmental Risks

    January 01, 2011

    Shareholders are increasingly focusing on how boards of directors are overseeing risks and exploring opportunities related to social responsibility and environmental issues. Investors are particularly interested in how social and environmental factors might have a significant impact on an organization’s business. A whitepaper released by Ernst & Young discusses how the number of shareholder proposals with a particular focus on the growth and traction of corporate social responsibility are noticeably increasing over prior years. The thought paper provides suggestions to help boards and senior executives improve corporate social responsibility and to respond and anticipate shareholder concerns.

  • Climate Change and Sustainability Risks

    December 30, 2010

    Shifting consumer expectations, greater information access, and enhanced media attention are some of the reasons for growing attention on issues related to climate change and sustainability. With this increasing focus, more organizations are realizing the need to better understand both risks and opportunities for their organizations related to climate change and sustainability. Some are identifying unique business opportunities related to products and services from a sustainability perspective. More are realizing the importance of their evaluating the nature of risks that may arise as expectations and regulations related to climate change and sustainability continue to emerge. A recent thought paper from Ernst & Young analyzes how issues related to climate change and sustainability may affect the organization’s overall risk profile including risks related to five core areas: strategic, compliance, financial, reputational, and operational risks.

  • Protecting Your Reputation in Today’s Social Media World

    December 01, 2010

    A recent article in The Harvard Business Review addresses the importance of protecting corporate reputation in the new age of social media outlets. The article highlights key areas that organizations should focus on when they may come under the attack of a potentially damaging event in the light of the media. Strategies to help an organization avoid any form of harmful media are also covered in the article.

  • Evaluating Impact of Compensation Plans

    October 01, 2010

    The current economic climate is an opportune time for employers to determine if compensation practices are properly aligned with market practices and the organization’s business strategy. A six-step process is outlined for evaluating compensation plans in order to keep organizations’ compensation programs relevant and tied to strategy and value effective in a changing economy.

  • Data Risk Management – Applying a Holistic Approach

    September 30, 2010

    Due to the increasing costs associated with protecting and maintaining data, a holistic approach to data risk management is becoming essential to organizations. A whitepaper published by IBM discusses the framework and practices involved in using a holistic approach for implementing data risk management programs across organizations.

  • Incorporating Risk Management into Corporate Governance

    September 23, 2010

    In response to significant changes in corporate governance due to the events in the financial markets in the first decade of the 21st century, the New York Stock Exchange (NYSE) created the Commission on Corporate Governance to conduct a comprehensive review of corporate governance principles. The NYSE developed a white-paper that explores the commission’s research findings and recommendations for organizations. Several aspects relate to effective risk management.

  • Reducing Risk Detection and Reaction Time

    July 01, 2010

    The recent credit crunch and economic downturns have caused businesses across the globe to face new, diverse risk-related challenges. Many companies are slow to detect and react to these risks that arise, which threatens their competitiveness and even their survival. This article explains how to shorten your company’s risk detection and reaction time through a company-wide risk “language.” This will enable your organization to be able to better protect and potentially create value and gain a competitive advantage for your organization.

  • Current state of the Internal Audit Profession and Risk Oversight

    June 11, 2010

    The fallout from the recent financial crisis has quickly changed the way many companies operate. Internal audit is the one branch of an organization that has the authority, knowledge and reach to identify and address significant challenges faced. This report is the 6th annual assessment of the Internal Audit profession by PwC and indicates that while companies recognize the priorities of internal audit, there is a gap in achieving these key attributes.

  • How Nonfinancial Companies Manage Risk

    June 01, 2010

    Standard and Poor’s enterprise risk management (ERM) evaluations at rated companies serve as an extension of the management assessments that have traditionally been a part of the credit ratings process. In September 2008 the scope of their analysis was widened to include some nonfinancial companies in 17 industries and their managers’ ability to manage key risks. This article provides answers from S&P to several frequently asked questions about S&P’s focus on rated entities’ ERM processes.

  • Global Risk Technology Survey

    June 01, 2010

    Aon Analytics collected data in 2009 on the perspectives of risk professionals from leading organizations around the world to provide its first edition of the Global Risk Technology Survey. This report outlines the top ten benefits respondents found from utilizing risk technology or risk management information systems. Within the findings, respondents identified the increased accuracy and reliability of data as well as data consolidation and management as the most important benefits of risk technology.

  • COSO Fraud Study 2010

    May 03, 2010

    The Committee of Sponsoring Organizations of the Treadway Commission (commonly known as COSO) has released the study, Fraudulent Financial Reporting: 1998-2007, An Analysis of U.S. Public Companies, that examines financial statement fraud allegations investigated by the U.S. Securities and Exchange Commission over a ten-year period. The study provides an in-depth analysis of the nature, extent, and characteristics of accounting frauds provides helpful insights regarding new and ongoing issues that need to be addressed. The study examines nearly 350 alleged accounting fraud cases investigated by the SEC during the period, 1998-2007. Mark Beasley, Deloitte Professor of Enterprise Risk Management at NC State is one of the study’s co-authors.

  • ERM Roundtable Summit - Panel Discussions on ERM:  Lessons Learned & ERM:  Directions for the Future

    March 12, 2010

    On March 12, 2010 the NC State University ERM Initiative hosted a half-day ERM Roundtable Summit in Charlotte, NC that involved a series of two 90-minute panel discussions. Our first panel focused on “ERM: Lessons Learned,” while the second panel focused on “ERM: Directions for the Future.” Both panels consisted of real-world ERM experts who are heavily involved in leading ERM efforts within their organizations or who are providing significant ERM leadership roles at a national level through organizations such as COSO, Standard & Poor’s, and Grant Thornton. Both panels engaged in lively discussions about real-world experiences and lessons learned from their leadership in ERM implementation process at their companies. Several themes emerged from the discussion, which are summarized in the following abstract.

  • Managing Risks with Sustainable Practices

    March 01, 2010

    On March 11, 2010, the Coalition for Environmentally Responsible Economics (Ceres) issued its report The 21st Century Corporation: The Ceres Roadmap for Sustainability. Ceres hopes to target boards of directors of corporations with this report, encouraging them to take advantage of sustainability opportunities with relation to managing risks. The report contains twenty key expectations related to governance, stakeholder engagement, disclosure and performance. Through focusing on setting new standards and expectations for business leadership, Ceres hopes to guide companies on their journey to comprehensive sustainability.

  • Finding Your Strategy in the New Landscape

    March 01, 2010

    The economic crash of 2008 had profound international effects and prompted a dramatic reduction in foreign investments in 2009. However, China and India still hold large portions of global GDP growth and have the potential to provide opportunities in big, emerging markets in the future. In this article, the author focuses on the belief that the economic crisis should not inhibit global strategies and gives suggestions on how to navigate this new international area.

  • Roadmap for Compensation Risk Assessment:  Consequences – Unintended or Not

    February 01, 2010

    As a direct result of the financial market crisis, media and regulatory agencies have targeted companies with compensation plans that promote excessive and unnecessary risk-taking. This article outlines the pending regulations concerning compensation disclosures and outlines action steps that companies and their compensation committees can take to prepare themselves for these new requirements.

  • Enterprise Risk Management:  Is it Relevant to Government?

    February 01, 2010

    Regulatory agencies and investors alike have come to a consensus; they are demanding that corporations engage in a fundamental review of risk management processes and make necessary improvements to bring risks in line with stakeholder appetite. Although this focus to strengthen risk oversight has been vastly applied to corporations, it is important that governmental entities follow suit, given important expectations that exist for those organizations too. This brief article by Mark Beasley sheds light on how ERM can be considered from a governmental point of view.

  • Adding Value, Not Bureaucracy: Linking Governance, Enterprise Risk Management and Internal Controls

    January 01, 2010

    Risk management has quickly become the most targeted area of improvement since the financial crisis for businesses to help prevent another crisis or lessen the impact if another one were to occur. With this intensified focus comes confusion about how ERM applies to corporate governance and internal controls. This article by Bonnie Hancock briefly explores these relationships and how they should be understood within an organization.

  • SEC Approves Enhanced Disclosure about Risk, Compensation and Corporate Governance

    December 16, 2009

    In December 2009 the SEC approved rules intending to improve corporate disclosures regarding risk, compensation and corporate governance matters. Beginning with the March 2010 annual reporting season new disclosures in proxy and information statements are now required including the board’s role in risk oversight and the relationship of a company’s compensation policies and practices to risk management. These rules will increase the accountability of management and directly benefit investors by improving transparency.

  • Where Main Street Meets the C-Suite

    December 15, 2009

    The current economic crisis has led to negative perceptions about the role of boards and senior level management. A survey, conducted by Directorship Magazine and Deloitte , LLP and Korn/Ferry International, questioned respondent’s views on several issues such as board duties and responsibilities, CEO performance during the current crisis, and each of their compensations. The results of the study showed that most respondents agreed that the negative media was an accurate portrayal of board of director and CEO performance. In general, respondents also felt that director and CEO credibility was “poor” or “adequate”. These results led researchers to believe that boards of directors need to be more aware of their public perceptions and strive to achieve popular opinion.

  • Scenario Planning: Worth the Benefits

    September 01, 2009

    The Conference Board recently issued thought guidance designed to highlight the benefits of conducting robust and value-adding scenario planning sessions. While scenario planning may appear relatively simple, there are certain steps that are worth considering in order to maximize the benefits of conducting scenario planning sessions.

  • Effective Enterprise Risk Management Starts with a Conversation

    September 01, 2009

    It has become increasingly evident that improvements in the way senior executives approach risk management activities and the role the board plays in risk oversight will need to be addressed at many companies in the near future. In this article, Bonnie Hancock provides a brief oversight on how Enterprise Risk Management can be successfully launched with a simple conversation in an organization to effectively increase overall knowledge of risks.

  • Uncertainty in Business

    July 01, 2009

    Uncertainty and ambiguity are a key challenge for business leaders today. Organizations are finding that they must increasingly plan for contingencies in the future instead of focusing primarily on short-term goals. In the past, many business leaders believed their organizations’ long-term goals could wait until they had dealt with the current crisis. In the current business environment, this is no longer the case. The rate of change has accelerated, indicating that business leaders must learn how to strike a balance between managing complex issues today and predicting the uncertain issues of tomorrow.

  • Internal Audit’s Role in Managing Reputation Risk

    June 01, 2009

    Reputational risks and corporate missteps are having more significant impacts on bottom lines and stakeholder perceptions of companies than ever before. Therefore, companies are recognizing the importance of reputational risk and placing a greater emphasis on reputational risk management. Internal audit departments can play a significant role in helping companies manage reputational risks through their advisory and monitoring efforts.

  • S&P’s ERM Reviews for Non-Financial Issuers – Where Do We Stand?

    December 01, 2008

    Beginning in the third quarter of 2008, Standard & Poor’s credit review process of nonfinancial companies now includes an evaluation of the organization’s management of enterprise risk programs as a component of management effectiveness. The credit reviews focus on an evaluation of the risk management culture within the organization and an investigation of the strategic use of risk management data. This AICPA Audit Committee Brief describes the ERM assessment processes and methodology employed by the S&P in evaluating risk management programs in non-financial issuers.

  • Outsourcing and Offshoring Decisions - Taking a Risk Intelligent Approach

    October 01, 2008

    When initiating the use of outsourcing and offshoring, companies should take a Risk Intelligent approach. In doing so, companies can better mitigate risks that develop from outsourcing and offshoring and optimize the benefits from such contracts. Companies should follow the steps within the outsourcing and offshoring lifecycle to when making outsourcing and offshoring decisions.