Skip to main content
Poole College of Management
Enterprise Risk Management Initiative

All Resources

Jan 1, 2012

Risk Committees

While most often the board of directors delegates risk oversight to the audit committee, increasingly boards of creating separate board level risk committees charged with that responsibility. This is particularly true for financial services firms, given requirements imposed by the Dodd-Frank legislation for larger banks to form separate risk committees. In an effort to assist companies who are considering the establishment of a board risk committee, Deloitte has organized a resource guide of ideas, recommendations, and specific tools. This resource will help assist those entities that will need to be in compliance with the Federal Reserve’s requirements developed to implement the provisions of Dodd-Frank. Although the guide is helpful for companies that must comply with the new Dodd-Frank regulations, it can be useful for any company that wishes to obtain more information on risk governance and oversight.
David Hughes

Nov 2, 2011

Interviewing as a Technique for Risk Identification

David Hughes, Assistant VP of ERM and Business Continuity Planning at Hospital Corporation of America, discusses the interviewing process the company employs to identify top strategic risks.

Nov 1, 2011

Proactively Managing External Relationship Risk

The focus on managing third-party risk is becoming prevalent in the current business environment as more organizations turn to external providers to gain access to needed services, reduce costs, or achieve other strategic advantages. While most executives recognize the importance of thinking through risks associated with delegating key tasks to external parties, several studies suggest the extent of vendor risk assessments is lacking and they fail to be adequately resilient in holding vendors to certain risk management standards. A thought paper by Crowe Horwath presents a process for managing third-party relationship risks by utilizing a risk landscape framework. They highlight three steps to implement a successful third party risk management program.

Oct 17, 2011

Compliance, Ethics and Enterprise Risk Management

Carlo V. di Florio, the Director of Office of Compliance Inspections and Examinations at the SEC spoke about the relationship between compliance, ethics and ERM. He made his speech at the National Society of Compliance Professionals (NCSP) National Meeting in October 2011. The speech outlined the importance of ethics in compliance and ERM exercises. It also presented ten elements of effective ethics, compliance and ERM programs. The speech also emphasized the need to clarify an organization's five lines of defense namely the business, key support functions, internal audit, senior management, and the board of directors.

Aug 1, 2011

Avoiding Confirmation Bias in Decision Making

Executives today are becoming even more aware of the biases within their own mind that can prevent them from making the correct decisions. One of these major biases is confirmation bias, which is the phenomenon in which people throw away any evidence as irrelevant if it contradicts their initial notion of the situation. Increased awareness of the decision making process can help executives better evaluate situations when coming to a major decision. Confirmation bias is likely to be present in any risk identification and risk assessment task as new information comes to light that might contradict our preconceived notions about a risk event. This thought paper explores twelve questions to think through before jumping into the deep end and making a major decision with an unfounded assumption as its base.

Jul 1, 2011

Managing Social Media Risks

As organizations realize the potential of social media to positively benefit their marketing and advertising strategies, they are also aware of potential risks. In a white paper published by Crowe Howarth LLP, the authors outline sources from which social media risks can originate and provides a six-step approach that an organization can use to create an effective social media risk management strategy.

Jul 1, 2011

Managing Human Capital Risk

Though companies recognize the high impact of Human Capital Risk (HCR), many still have immature HCR management processes, if any. The Conference Board researched companies based in North America, Europe, and Asia-Pacific to evaluate current HCR management practices. Companies with Strategic Workforce Planning (SWP) indicated better HCR maturity. The research in this article also highlights a need for HR and ERM executives to engage each other more to better understand risks associated with their human capital management.

May 1, 2011

A Comprehensive Guide to Risk Appetite and Risk Tolerance

With the scarcity of useful guidance to help organizations determine risk appetite and risk tolerance, the Institute of Risk Management (IRM) is seeking to clarify and produce guidance to more effectively communicate an understanding of risk appetite. As a result, IRM released a consultation paper with detailed approaches for developing and using risk appetite and risk tolerance in risk management. In addition to the guidance provided, questions are listed throughout the document with the suggestion that they be asked in the boardroom to ensure that risk appetite and risk tolerance are being adequately addressed.

Apr 1, 2011

Homeland Security Risk Management Fundamentals

The Department of Homeland Security (DHS) plays a critical role in leading a unified effort in the management of the diverse and complex set of risks facing the United States. To strengthen capabilities in fulfilling its mission, DHS has created a Risk Management Fundamentals to provide a structured approach for the distribution and use of risk information and analysis efforts across the Department. The publication lists key principles, discusses approaches, and explains the process of effective risk management intended for DHS organizations and personnel to adopt.

Jan 3, 2011

Increasing Complexity Creates Challenges for Risk Management

Managing complexity is quickly becoming one of the greatest challenges for large organizations today. A white paper published by KPMG presents findings related to a study of the causes and impact of complexity affecting large companies. The pace of change and global interconnections in business have resulted in increasing complexity, creating significant risk management challenges for companies. Increased risks to manage emerged as one of the greatest challenges created by complexity, according to the study.