Skip to main content
Poole College of Management
Enterprise Risk Management Initiative

ERM Initiative Staff

May 1, 2009

Seven Question Guide to Assessing Your Enterprise Risk Management Practices

Risk professionals should consider seven questions in evaluating risk management tools, improving risk management practices, and assessing the state of ERM in an organization. Professionals should ask these seven questions: (1) if the risk management process really assesses risk; (2) if the risk assessment is context-driven; (3) if the risk management process address root causes of failure; (4) what business performance says about risk; (5) what the organization's risks say about its controls; (6) what the organization's controls say about its risks; and (7) if the professionals and their organizations are up for the task of risk management.

Apr 15, 2009

Risk Culture of Companies

Risk culture is an area of risk management that has become a recent focus for many boards. Risk culture is the system of values and behaviors present in an organization that shapes risk decisions of management and employees. A first step to addressing the risk culture of an organization is a conversation among management and the board involving topics such as "tone at the top" effective communication, and appropriate incentives. A strong risk culture will take time to develop in an organization and its presence will mean that employees know what a company stands for, the boundaries within which it can operate, and that they can openly discuss which risks should be taken in order to achieve the company's long-term strategic goals.

Apr 15, 2009

Importance of Risk Management Mindset

Many companies that were unprepared for the current economic situation have become hesitant to make decisions regarding the future. For companies to regain confidence in making these decisions there needs to be a realization that risk management models are only as good as the decisions that are made based on the models. As a result, the risk management mindset is just as important as the model. Companies can focus on their risk management mindset by re-defining risk to include a more integrated view of risk and constructing a new "risk architecture" that incorporates information external to the company and looks at interdependencies to help make better decisions and more successfully manage their risks.

Mar 1, 2009

Key Areas of Concern in Corporate Governance

Strong corporate governance is essential for boards as they are positioned to lead the way in implementing measures that contribute to economic growth and sustainability. There are four areas of corporate governance the National Association of Corporate Directors (NACD) has identified as being the most important and of immediate concern: risk oversight, corporate strategy, executive compensation, and transparency. Within each area of concern, the NACD provides recommendations from their Key Agreed Principles to Strengthen Corporate Governance for U.S. Publicly Traded Companies document as well as addresses future challenges boards will face in improving governance practices in each area.

Mar 1, 2009

Ten Practical Lessons for Risk Management

Recent events have uncovered significant deficiencies in the way risks are managed at financial institutions and many other companies. Research into these deficiencies shows ten practical lessons companies can apply to address current weaknesses and strengthen risk management systems. By wielding appropriate authority, gaining support from senior management, and thoroughly examining the models and incentive systems used, risk managers can greatly improve companies' risk management systems.

Feb 1, 2009

Internal Auditors Partnership with Management

Internal auditors in the past have been used to examine how well management is performing and how well the company is operating. Now there is a need for internal auditors to work in conjunction with management to oversee risks. CHAN Healthcare Auditors realized this change in internal audit and has developed an audit process and tool that allows for a more effective approach to risk management. Even though the approach is mainly geared towards the healthcare industry, it can be used in numerous industries to determine companywide and departmental vulnerabilities.

Jan 1, 2009

Limitations of Traditional Risk Models in Forecasting Risk

The current economic crisis has upset many common assumptions about the global financial system and shaken investor confidence. While there are unique aspects to this crisis, it is important to understand that severe economic crises in general are not rare events. Traditional methods of modeling risk often fail to reflect the frequency of declines and when these declines will occur. It is important for investors to rely on more than the output from traditional risk models in assessing the potential risk associated with investments.

Dec 1, 2008

Aligning Risk Management and Executive Compensation

Boards of directors are charged with corporate governance tasks that include setting executive compensation and developing the corporation's strategic agenda in light of its risk tolerance. Using short-term performance metrics, like stock price or earnings per share, to determine executive compensation may encourage executives to make decisions that are not aligned with the corporation's strategic plan or overall risk appetite.

Dec 1, 2008

Understanding and Articulating Risk Appetite

Risk appetite, when properly understood and articulated, can be a powerful tool for managing risk and enhancing overall business performance by better aligning decision-making and risk. Many organizations have a need for increased clarity regarding their risk appetite and this article provides insights on formulating and defining risk appetites.

Oct 22, 2008

Role of Risk Managers and Continuity Planning

Risk management executives have come to the realization that a cohesive corporate risk management strategy is needed in their companies. They are becoming more involved with business continuity planning and helping with preparedness, mitigation, and recovery for operations.