From The ERM Library
Companies are always scanning the business landscape for the next way to get ahead, to gain a competitive advantage, and to take the next step, particularly in the area of risk management. Most companies have some form of risk management, whether the traditional silos or the more robust enterprise risk management, and their purpose ranges from protecting assets to pursuing opportunities. These same companies often have an overlooked, or at least underutilized, asset in their internal audit function. Internal audit understands the business operations and controls; it also shares a common goal with risk management, which is to improve the effectiveness of risk management. This common goal leads to a potential synergy that can help a company reach that next step in risk management. The Risk Insurance Management Society (“RIMS”) and The Institute of Internal Auditors (“IIA”) joint white paper highlights the why, the how, and the proof that leveraging your internal audit function in risk management can not only work, but work well.
June 6, 2013
Enterprise risk management is a matter of business process, but it is important to remember the part that people play in implementing ERM. An organization’s “risk culture,” the way an organization’s personnel collectively view, communicate about, and respond to risk, can make or break an otherwise well-designed ERM process. In this May 2013 article from McKinsey & Company, authors Alexis Krivkovich and Cindy Levy discuss risk culture and its critical role in effective ERM. The authors describe the key characteristics of a healthy risk culture, and they also highlight two challenges that organizations must be mindful of in developing risk culture.
Our Top Articles
May 5, 2009
While the concept of a risk appetite framework is sound and can provide many benefits to organizations, many of these frameworks failed during the current crisis due to design and application problems. Organizations can learn from several key failings in risk appetite frameworks that were highlighted by the crisis. Though this article looks at risk appetite from the perspective of banks, the suggestions are applicable to many types of organizations seeking to improve their risk appetite framework.
February 2, 2013
There is a growing need for organizations to understand how their strategies are shaping their corporate sustainability responsibilities. New business practices may be needed to enhance and promote environmental, social, and governance (ESG) initiatives. Certain strategic risks may arise if these efforts are not executed in an effective manner. A recent report issued by The Conference Board explains the need to enable sustainability reporting as an essential imperative for engaging investors, customers, and employees in eventually lowering certain risks. Furthermore, it outlines risk management strategies on how best to communicate, engage and integrate the matter of sustainability reporting.
March 3, 2013
In this recently published report, business consulting firm Protiviti reveals the results of its annual “Internal Audit Capabilities and Needs Survey.” The survey was administered in late 2012 to over 1,000 internal audit professionals from organizations of all sizes, and across a broad range of industries. The questions in the survey are designed to draw out internal auditors’ perspectives on the current and emerging skill requirements facing the internal audit function; each survey respondent is also asked to grade how well their organization’s internal audit group is handling these looming challenges. Protiviti’s report highlights the growing need for internal audit professionals to expand their knowledge base and skill sets in order to address a new wave of enterprise risks.
November 11, 2006
This survey, administered to financial professionals of large public companies, explores their views on the key risks facing their companies and how they are managed. The consensus is that the nature of risk is changing due to new business models. Enterprise Risk Management (ERM) has emerged as a possible solution to many of the risks indicated.
May 5, 2011
With the scarcity of useful guidance to help organizations determine risk appetite and risk tolerance, the Institute of Risk Management (IRM) is seeking to clarify and produce guidance to more effectively communicate an understanding of risk appetite. As a result, IRM released a consultation paper with detailed approaches for developing and using risk appetite and risk tolerance in risk management. In addition to the guidance provided, questions are listed throughout the document with the suggestion that they be asked in the boardroom to ensure that risk appetite and risk tolerance are being adequately addressed.
December 12, 2010
Organizations are seeing the value of adopting a risk-based approach to execute strategies in order to survive in a post-recession world. This approach enables managers to focus on opportunities in strategic plans, as well as minimizing the potential impact of threats. A recent article in the Journal of Business Strategy outlines four steps to execute a strategy using a risk-based approach.
August 8, 2009
In response to the current economic crisis, company boards and audit committees are looking for ways to improve their approach to risk oversight. Risk management perspectives are becoming more focused on external versus internal factors and are being broadened to a long-term approach. The board of directors and audit committee should give more attention to the entity’s risk appetite to ensure that the risks being taken are in alignment with the entity’s strategic objectives. The approach to risk management should be broadened, dynamic, and long-term. This whitepaper discusses how to evaluate the quality of a risk management system and how to ensure that a risk oversight strategy is appropriate.
February 2, 2011
After the recent global financial crisis, many economies and financial markets around the world appear to be strengthening. However, serious concerns still exist as organizations are not returning to the same environment, but rather one that is constantly changing. That reality is causing many organizations to change their risk management approach. Deloitte recently conducted a survey of financial institutions in an effort to understand the state of risk management in this new environment. Though the survey analyzes the financial industry, this white paper is applicable to many different types of organizations.
January 1, 2010
Since the financial crisis, risk management has quickly become the most targeted area of improvement for businesses seeking to prevent another crisis or lessen the impact if another one were to occur. With this intensified focus comes confusion about how ERM applies to corporate governance and internal controls. This article by Bonnie Hancock briefly explores these relationships and how they should be understood within an organization.
June 6, 2010
The devastating effects of the global credit crisis can be linked to the failure of organizations to embed risk management within the foundation of strategic and operational processes. Now, increased pressures from all around call for an integrated and aligned approach to risk management. This white paper explores how organizations can effectively align performance and risk management processes to not only reduce risk but also embrace opportunities.
December 12, 2008
Boards of directors are charged with corporate governance tasks that include setting executive compensation and developing the corporation’s strategic agenda in light of its risk tolerance. Using short-term performance metrics, like stock price or earnings per share, to determine executive compensation may encourage executives to make decisions that are not aligned with the corporation’s strategic plan or overall risk appetite.
May 5, 2012
The turmoil surrounding recent announcements of over $2 billion in trading losses at JPMorgan Chase is now shining a spotlight on risk management failures at the bank. A front-page story in The New York Times (May 15, 2012) reveals that in the years leading up to the bank’s trading loss, risk managers and some senior investment bankers raised concerns that the bank was making increasingly large investments in complex trades, but their concerns were ignored and dismissed. Some allege that the senior executives failed to respond to concerns from internal risk officers, who were largely sidelined. This unfolding story is highlighting the critical importance of the tone at the top regarding maintaining and enforcing an appropriate risk management culture and continues to support the call for direct lines of reporting from chief risk officers to independent members of the board of directors.
October 10, 2011
PwC’s 2011 Annual Corporate Director Survey report summarizes the responses of 834 corporate directors concerning stakeholder concerns. Critical areas highlighted in the findings were executive compensation, succession planning, and risk management. Given that expectations of governance oversight have reached unprecedented levels, boards are working to adapt their risk oversight role to the shifting risk landscape. See what directors say about their risk oversight maturity.
June 6, 2012
Organizations often employ a rules-based model to manage risk; however, history suggests that such an approach may not be an effective way to manage all types of risk. This Harvard Business Review article provides a framework for thinking about risk management that is centered on breaking an organization’s risks into three categories. The authors demonstrate, through real-world examples, how each category of risk is best managed through certain types of risk management mechanisms. Each of these mechanisms plays a role in strengthening the organization’s overall risk management function.
June 6, 2011
For many organizations, risk management is rapidly developing into a more forward-looking, enterprise-wide approach, according to Accenture’s 2011 Global Risk Management study of almost 400 executives from 10 major industries. To achieve effective enterprise risk management, organizations must focus on being proactive, rather than merely reactive, and use risk management to both drive competitive advantage and sustain future profitability and growth. The study highlights key results from their survey, challenges that remain, and recommendations that can improve risk management programs.
January 1, 2014
The Board of Directors (“the Board”) plays an integral role in the risk management function of a corporation. Risk has been at the forefront of debated topics over the years, more so in recent years due to the financial crisis that drew the ire of the public, legislators, and the media over compensation of executives. When considered with the ongoing global economic instability and increasing regulatory requirements, the development of rigorous risk management procedures will continue to change. In a recent article from the Bank and Corporate Governance Law Reporter, authors provide an overview of past issues and updates to emerging issues regarding the Board’s risk oversight function from regulatory requirements to suggested best practices.
November 11, 2011
Oftentimes, corporations don’t see the value in adding processes in order to have an enterprise-wide view of risk management. Laurie Brooks, retired Chief Risk Officer at Public Services Enterprises Group and current member of the board of directors at Provident Financial Services, explains how looking at risk across business segments and from both the bottom-up and top-to-bottom perspectives can really help companies see what risks they need to monitor most. Ms. Brooks also speaks of considering velocity and ability to handle risks when assessing a risk profile.
September 9, 2010
Due to the increasing costs associated with protecting and maintaining data, a holistic approach to data risk management is becoming essential to organizations. A whitepaper published by IBM discusses the framework and practices involved in using a holistic approach for implementing data risk management programs across organizations.
May 5, 2009
Risk professionals should consider seven questions in evaluating risk management tools, improving risk management practices, and assessing the state of ERM in an organization. Professionals should ask these seven questions: (1) if the risk management process really assesses risk; (2) if the risk assessment is context-driven; (3) if the risk management process addresses root causes of failure; (4) what business performance says about risk; (5) what the organization’s risks say about its controls; (6) what the organization’s controls say about its risks; and (7) if the professionals and their organizations are up for the task of risk management.