Skip to main content

All Resources

Jun 1, 2010

Nine Hallmarks of Successful ERM

As organizations seek to strengthen their risk oversight, they are interested in learning from others about effective practices that ensure risk oversight provides strategic value. The Aon Global Risk Consulting report explored how ERM is being used, the extent to which it has been implemented and its effect on organizational goals. It provides an overview of nine distinguishing characteristics of successful ERM approaches. This report expands on the detailed results from the survey, including the point that ERM has continued to evolve as an accepted and required process to create value.

May 3, 2010

COSO Fraud Study 2010

The Committee of Sponsoring Organizations of the Treadway Commission (commonly known as COSO) has released the study, Fraudulent Financial Reporting: 1998-2007, An Analysis of U.S. Public Companies, that examines financial statement fraud allegations investigated by the U.S. Securities and Exchange Commission over a ten-year period. The study provides an in-depth analysis of the nature, extent, and characteristics of accounting frauds and provides helpful insights regarding new and ongoing issues that need to be addressed. The study examines nearly 350 alleged accounting fraud cases investigated by the SEC during the period, 1998-2007. Mark Beasley, Deloitte Professor of Enterprise Risk Management at NC State is one of the study's co-authors.

Nov 4, 2009

Strengthening Enterprise Risk Management for Strategic Advantage

COSO's Strengthening Enterprise Risk Management for Strategic Advantage focuses on specific areas where the board of directors and management can work together to improve the board's risk oversight responsibilities and ultimately enhance the entity's strategic value. This thought paper expands on COSO's Effective Enterprise Risk Oversight: The Role of the Board of Directors and provides further detail on the four specific areas discussed in that document.

Oct 1, 2009

Risk Governance: Balancing Risk and Reward

In October 2009, the National Association of Corporate Directors (NACD) issued a Blue Ribbon Commission report containing guidance for board members regarding how to strengthen their risk oversight practices. The report describes the importance of risk governance and strategic risk alignment, and highlights that the board should be fully responsible for risk oversight, only delegating tasks that might need a more specialized focus. At the end of the day, the board as a whole should be in charge of ensuring that management has aligned their strategy and risk appetite for the company.

Sep 1, 2009

Effective Enterprise Risk Oversight: The Role of the Board of Directors

COSO's Effective Enterprise Risk Oversight: The Role of the Board of Directors is focused on aiding boards of directors in strengthening their enterprise risk oversight responsibilities. The current economic crisis has caused the role of the board of directors to become far more challenging than in the past. The thought paper highlights critical board responsibilities by using four specific areas in COSO’s Enterprise Risk Management – Integrated Framework that contribute to board oversight of enterprise risk management.

Jul 1, 2009

Determining the Value of ERM

In the current economy, companies are under pressure to justify all major investments, including enterprise risk management (ERM). In this article, KPMG provides some common approaches for valuing ERM programs or ERM components. Placing a value on ERM can help companies realize the return of their investment through reduced costs, increased reputation, and improved decision-making.

Jun 1, 2009

Internal Audit’s Role in Managing Reputation Risk

Reputational risks and corporate missteps are having more significant impacts on bottom lines and stakeholder perceptions of companies than ever before. Therefore, companies are recognizing the importance of reputational risk and placing a greater emphasis on reputational risk management. Internal audit departments can play a significant role in helping companies manage reputational risks through their advisory and monitoring efforts.

May 1, 2009

Seven Question Guide to Assessing Your Enterprise Risk Management Practices

Risk professionals should consider seven questions in evaluating risk management tools, improving risk management practices, and assessing the state of ERM in an organization. Professionals should ask these seven questions: (1) if the risk management process really assesses risk; (2) if the risk assessment is context-driven; (3) if the risk management process address root causes of failure; (4) what business performance says about risk; (5) what the organization's risks say about its controls; (6) what the organization's controls say about its risks; and (7) if the professionals and their organizations are up for the task of risk management.

Apr 15, 2009

Risk Culture of Companies

Risk culture is an area of risk management that has become a recent focus for many boards. Risk culture is the system of values and behaviors present in an organization that shapes risk decisions of management and employees. A first step to addressing the risk culture of an organization is a conversation among management and the board involving topics such as "tone at the top" effective communication, and appropriate incentives. A strong risk culture will take time to develop in an organization and its presence will mean that employees know what a company stands for, the boundaries within which it can operate, and that they can openly discuss which risks should be taken in order to achieve the company's long-term strategic goals.

Apr 15, 2009

Importance of Risk Management Mindset

Many companies that were unprepared for the current economic situation have become hesitant to make decisions regarding the future. For companies to regain confidence in making these decisions there needs to be a realization that risk management models are only as good as the decisions that are made based on the models. As a result, the risk management mindset is just as important as the model. Companies can focus on their risk management mindset by re-defining risk to include a more integrated view of risk and constructing a new "risk architecture" that incorporates information external to the company and looks at interdependencies to help make better decisions and more successfully manage their risks.