From The ERM Library
Asymmetric Information Risk occurs when there is an imbalance of information possessed by C-suite executives and their boards of directors. Boards are susceptible to information risk given the realities that management is on-site daily while boards are only periodically engaged. A result of this reality is that information risk can pose a threat to boardroom operations and can ultimately lead to corporate crisis. The most significant risk constitutes whether the right information in the essence of quality and quantity is presented to the board. When a large gap in the information process occurs, it can create hazardous outcomes and missed opportunities within the company. A recent NACD article identifies the issue of asymmetric information risk, provides an overview of specific warning signs of information gaps, and implements possible solutions to overcome gaps in the information sharing process.
January 1, 2014
The financial crisis and subsequent performance failures, including bankruptcy, has resulted in a bright spotlight on boards for a number of organizations in regards to their effectiveness – and lack thereof – in risk oversight. Scrutiny has increased from regulators and other key stakeholders calling on boards to ensure their risk oversight efforts are strengthened. A recent Deloitte thought paper offers six recommendations that boards may want to consider to strengthen the board’s overall risk intelligence.
Our Top Articles
September 9, 2014
Risk management has often fallen solely on the shoulders of the Chief Risk Officer (CRO), but now CEOs and CFOs are increasingly sharing that responsibility and they are turning to “big data” as a possible solution. CFO Magazine recently issued an eBook on The Future of Risk Management and in that they argue that the implementation of an enterprise risk management system has become more common over the past five years due to the availability of big data, deficiencies in security, and the restructuring of leadership. Analyses can be made from big data that give executive officers numerical values regarding the cost-benefit of risk management. The increasing amount of available data makes a company more susceptible to hackers, therefore demands improvements in security and protection against cyber-attacks. CRO’s are often faced with the challenge of justifying increased spending on preventative measures to chief executive and financial officers, but lately have been considered with more respect.
May 5, 2009
While the concept of a risk appetite framework is sound and can provide many benefits to organizations, many of these frameworks failed during the current crisis due to design and application problems. Organizations can learn from several key failings in risk appetite frameworks that were highlighted by the crisis. Though this article looks at risk appetite from the perspective of banks, the suggestions are applicable to many types of organizations seeking to improve their risk appetite framework.
February 2, 2013
There is a growing need for organizations to understand how their strategies are shaping their corporate sustainability responsibilities. New business practices may be needed to enhance and promote environmental, social, and governance (ESG) initiatives. Certain strategic risks may arise if these efforts are not executed in an effective manner. A recent report issued by The Conference Board explains the need to enable sustainability reporting as an essential imperative for engaging investors, customers, and employees in eventually lowering certain risks. Furthermore, it outlines risk management strategies on how best to communicate, engage and integrate the matter of sustainability reporting.
March 3, 2013
In this recently published report, business consulting firm Protiviti reveals the results of its annual “Internal Audit Capabilities and Needs Survey.” The survey was administered in late 2012 to over 1,000 internal audit professionals from organizations of all sizes, and across a broad range of industries. The questions in the survey are designed to draw out internal auditors’ perspectives on the current and emerging skill requirements facing the internal audit function; each survey respondent is also asked to grade how well their organization’s internal audit group is handling these looming challenges. Protiviti’s report highlights the growing need for internal audit professionals to expand their knowledge base and skill sets in order to address a new wave of enterprise risks.
November 11, 2006
A survey administered to financial professionals of large public companies that explores their views on the key risks facing their companies and how they are managed. The consensus is that the nature of risk is changing due to new business models. Enterprise Risk Management (ERM) has emerged as a possible solution to many of the risks indicated.
May 5, 2011
With the scarcity of useful guidance to help organizations determine risk appetite and risk tolerance, the Institute of Risk Management (IRM) is seeking to clarify and produce guidance to more effectively communicate an understanding of risk appetite. As a result, IRM released a consultation paper with detailed approaches for developing and using risk appetite and risk tolerance in risk management. In addition to the guidance provided, questions are listed throughout the document with the suggestion that they be asked in the boardroom to ensure that risk appetite and risk tolerance are being adequately addressed.
December 12, 2010
Organizations are seeing the value of adopting a risk-based approach to execute strategies in order to survive in a post-recession world. This approach enables managers to focus on opportunities in strategic plans, as well as minimizing the potential impact of threats. A recent article in the Journal of Business Strategy outlines four steps to execute a strategy using a risk-based approach.
August 8, 2009
In response to the current economic crisis, company boards and audit committees are looking for ways to improve their approach to risk oversight. Risk management perspectives are becoming more focused on external versus internal factors and are being broadened to a long-term approach. The board of directors and audit committee should give more attention to the entity’s risk appetite to ensure that the risks being taken are in alignment with the entity’s strategic objectives. The approach to risk management should be broadened, dynamic, and long-term. This whitepaper discusses how to evaluate the quality of a risk management system and how to ensure that a risk oversight strategy is appropriate.
February 2, 2011
After the recent global financial crisis, many economies and financial markets around the world appear to be strengthening. However, serious concerns still exist as organizations are not returning to the same environment, but rather one that is constantly changing. That reality is causing many organizations to change their risk management approach. Deloitte recently conducted a survey of financial institutions in an effort to understand the state of risk management in this new environment. Though the survey analyzes the financial industry, this white paper is applicable to many different types of organizations.
January 1, 2010
Risk management has quickly become the most targeted area of improvement since the financial crisis for businesses to help prevent another crisis or lessen the impact if another one were to occur. With this intensified focus comes confusion about how ERM applies to corporate governance and internal controls. This article by Bonnie Hancock briefly explores these relationships and how they should be understood within an organization.
June 6, 2010
The devastating effects of the global credit crisis can be linked to the failure of organizations to embed risk management within the foundation of strategic and operational processes. Now, increased pressures from all around call for an integrated and aligned approach to risk management. This white-paper explores how organizations can effectively align performance and risk management processes to not only reduce risk but also embrace opportunities.
December 12, 2008
Boards of directors are charged with corporate governance tasks that include setting executive compensation and developing the corporation’s strategic agenda in light of its risk tolerance. Using short-term performance metrics, like stock price or earnings per share, to determine executive compensation may encourage executives to make decisions that are not aligned with the corporation’s strategic plan or overall risk appetite.
May 5, 2012
The turmoil surrounding recent announcements of over $2 billion in trading losses at JPMorgan Chase is now shining a spotlight on risk management failures at the bank. A front-page story in The New York Times (May 15, 2012) reveals that in the years leading up to the bank’s trading loss, risk managers and some senior investment bankers raised concerns that the bank was making increasingly large investments in complex trades, but their concerns were ignored and dismissed. Some allege that the senior executives failed to respond to concerns from internal risk officers, who were largely side-lined. This unfolding story is highlighting the critical importance of the tone at the top regarding maintaining and enforcing an appropriate risk management culture and continues to support the call for direct lines of reporting from chief risk officers to independent members of the board of directors.
October 10, 2011
PwC’s 2011 Annual Corporate Director Survey report summarizes the responses of 834 corporate directors concerning stakeholder concerns. Critical areas highlighted in the findings were executive compensation, succession planning, and risk management. Given that expectations of governance oversight have reached unprecedented levels, boards are working to adapt their risk oversight role to the shifting risk landscape. See what directors say about their risk oversight maturity.
June 6, 2012
Organizations often employ a rules-based model to manage risk; however history suggests that such an approach may not be an effective way to manage all types of risk. This Harvard Business Review article provides a framework for thinking about risk management that is centered on breaking an organization’s risks into three categories. The authors demonstrate, through real-world examples, how each category of risk is best managed through certain types of risk management mechanisms. Each of these mechanisms plays a role in strengthening the organization’s overall risk management function.
June 6, 2011
For many organizations risk management is rapidly developing into a more forward looking, enterprise-wide approach, according to Accenture’s 2011 Global Risk Management study of almost 400 executives from 10 major industries. To achieve effective enterprise risk management, organizations must focus on being proactive, rather than merely reactive, and use risk management to both drive competitive advantage and sustain future profitability and growth. The study highlights key results from their survey, challenges that remain, and recommendations that can improve risk management programs.
January 1, 2014
The Board of Directors (“the Board”) plays an integral role to the risk management function of a corporation. Risk has been at the forefront of debated topics over the years, more so in the recent years due to the financial crisis that drew the ire of the public, legislators, and the media over compensation of executives. When considered with the ongoing global economic instability and increasing regulatory requirements, the development of rigorous risk management procedures will continue to change. In a recent article from the Bank and Corporate Governance Law Reporter, authors provide an overview of past issues and updates to emerging issues regarding the Board’s risk oversight function from regulatory requirements to suggested best practices.
November 11, 2011
Often times, corporations don’t see the value in adding additional processes in order to have an enterprise-wide view of risk management. Laurie Brooks, retired Chief Risk Officer at Public Services Enterprises Group and current board of director at Provident Financial Services, explains how looking at risk across business segments and from both the bottom-up and top-to-bottom perspectives can really help companies see what risks they need to monitor most. Ms. Brooks also speaks of considering velocity and ability to handle risks when assessing a risk profile.
September 9, 2010
Due to the increasing costs associated with protecting and maintaining data, a holistic approach to data risk management is becoming essential to organizations. A whitepaper published by IBM discusses the framework and practices involved in using a holistic approach for implementing data risk management programs across organizations.
May 5, 2009
Risk professionals should consider seven questions in evaluating risk management tools, improving risk management practices, and assessing the state of ERM in an organization. Professionals should ask these seven questions: (1) if the risk management process really assesses risk; (2) if the risk assessment is context-driven; (3) if the risk management process address root causes of failure; (4) what business performance says about risk; (5) what the organization’s risks say about its controls; (6) what the organization’s controls say about its risks; and (7) if the professionals and their organizations are up for the task of risk management.
From SME Bonnie Hancock
From SME Mark Beasley , Ph.D
From SME Bruce Branson
September 26, 2014
February 21, 2014
February 25, 2014
ERM Professional Training
ERM Roundtable Summit
Send me the agenda on the next Roundtable
Custom Executive Training
Enterprise Risk Management Library:
- Enterprise Risk Management Basics
- Risk Management Fundamentals
- Risk Management Leadership
- Risk Management Benchmarking
- Risk Management Trends