S&P’s ERM Reviews for Non-Financial Issuers – Where Do We Stand?

Beginning in the third quarter of 2008, Standard & Poor’s credit review process of non-financial companies now includes an evaluation of the organization’s management of enterprise risk programs as a component of management effectiveness. The credit reviews focus on an evaluation of the risk management culture within the organization and an investigation of the strategic use of risk management data. This AICPA Audit Committee Brief describes the ERM assessment processes and methodology employed by the S&P in evaluating risk management programs in non-financial issuers.

Some Key Highlights of the Article:

How does S&P evaluate ERM?

• S&P evaluates a company’s risk culture, governance, and strategic data use 
• S&P assesses how well a company manages risk within tolerances to meet business objectives 
• S&P reviews a company’s track record of risk management program execution 
• S&P considers how well a company allocates risk-based capital 

How does ERM impact a company’s rating?

• The importance of ERM depends on the company’s risks, its ability to absorb losses, and its susceptibility to those risks 
• S&P’s ERM evaluations can inform their credit analysis of rated entities 
• S&P’s ERM analysis can drive some rating and outlook changes 

What is an ERM Evaluation Report? 

• An ERM Evaluation Report can serve as a benchmark for ERM practices, identify control effectiveness, and provide risk metrics

Original Article Source: “S&P’s ERM Reviews for Non-Financial Issuers – Where Do We Stand? ” , AICPA, 2008. Note that key insights for this article were generated with the assistance of Google’s AI tool.