Skip to main content
Poole College of Management
Enterprise Risk Management Initiative

Filtered Results

Jan 1, 2014

Six Recommendations to Improve Board Risk Oversight

The financial crisis and subsequent performance failures, including bankruptcy, has resulted in a bright spotlight on boards for a number of organizations in regards to their effectiveness - and lack thereof - in risk oversight. Scrutiny has increased from regulators and other key stakeholders calling on boards to ensure their risk oversight efforts are strengthened. A recent Deloitte thought paper offers six recommendations that boards may want to consider to strengthen the board's overall risk intelligence.

Jan 1, 2014

The Importance of Integrating Risk Management with Strategy

A recent thought paper, 10 Lessons in Integrating Risk Management with Strategy by Protiviti uses examples of both corporate failures and successes to learn what helped those that survived and thrived reach different outcomes than those that failed and disappeared. The thought paper provides lessons learned as well as tools and techniques executives can use to improve their company’s chances of surviving and thriving in an ever-changing world. The thought paper finds that surviving and thriving companies were able to respond to a pending crisis because they integrate risk into their strategic discussions, allowing them to react quickly enough to take advantage of emerging opportunities.

Nov 1, 2013

Collaborative Risk Management Fundamentals

Over the last decade, a number of organizations have embraced the concept of enterprise risk management (ERM) as a way to strengthen their oversight of the most significant risks to their business. Fortunately, many of realized a number of benefits from an enterprise-wide analysis of their most significant risks, while others unfortunately have experienced frustration in their ERM efforts. A recent thought paper by the Arthur J. Gallagher Think Tank for Higher Education Risk Management highlights common reasons for ERM failure and it identifies common factors associated with entities who are finding value in their ERM efforts. The paper emphasizes the value of strengthened collaboration across the management team as one of the keys to ERM success. The paper calls on organizations to distinguish between risk management as a one-time function performed singlehandedly, and the process of managing risk, which involves collaborative effort and embedded process throughout the organization.

Nov 1, 2013

Create Synergies between Risk Management and Internal Audit

Companies are always scanning the business landscape for the next way to get ahead, to gain a competitive advantage, and to take the next step, particularly in the area of risk management. Most companies have some form of risk management, whether the traditional silos or the more robust enterprise risk management, and their purpose ranges from protecting assets to pursuing opportunities. These same companies often have an over-looked, or at least underutilized asset, in their internal audit function. Internal audit understands the business operations and controls; however, they share a common goal with risk management, which is to improve the effectiveness of risk management. This common goal leads to a potential synergy that can help a company reach that next step in risk management. The Risk Insurance Management Society ("RIMS") and The Institute of Internal Auditors ("IIA") joint white paper highlights the why, the how, and the proof that leveraging your internal audit function in risk management can not only work, but work well.

Jun 19, 2013

Risk Culture’s Critical Role in ERM

Enterprise risk management is a matter of business process, but it is important to remember the part that people play in implementing ERM. An organization’s “risk culture,” the way an organization’s personnel collectively view, communicate about, and respond to risk, can make or break an otherwise well-designed ERM process. In this May 2013 article from McKinsey & Company, authors Alexis Krivkovich and Cindy Levy discuss risk culture and its critical role in effective ERM. The authors describe the key characteristics of a healthy risk culture, and they also highlight two challenges that organizations must be mindful of in developing risk culture

Feb 13, 2013

Strengthening the Role of the Chief Risk Officer in an Organization

The role of chief risk officer (CRO) has been put under a microscope to understand methods and key success factors that can enhance the role. Organizations now, more than ever before, are appointing CROs to improve their risk function and better manage potential risks that could impede their strategy. To achieve that, the CRO must be placed in a position that is fundamental as well as instrumental in the decision-making and strategy-setting process. This Protiviti white paper provides six key critical success factors that organizations should be aware of and promote to ensure that their organization is in a better risk management position than in the past.

May 1, 2012

Lack of Senior Manager Support Impairs Risk Management

Here's a new twist to "risk management" one of the most damaging risks an organization may face is "management" itself. The article "Risky Management" in Disaster Recovery Journal highlights the realities of how management's attitude and embrace of risk management approaches can undermine the organization's effectiveness at managing key risk events. Although many executives understand that risk management benefits everyone, not all share this view. The article outlines three categories of management that have a negative effect on an enterprise's risk management strategies: management that ignores reasoned words, management that works against others' efforts and management that is nonexistent in the execution of a plan.

Feb 1, 2012

Is it Necessary to Have a Separate Risk Committee?

A hot topic in risk management discussions within organizations is the debate about whether a separate risk committee is necessary for a company to have effective enterprise risk management processes. The authors of this Conference Board article believe “It depends.” The risk management process is a very individualized process. Organizations need to take a long look in the mirror to ensure that a separate risk committee would not create more unnecessary bureaucracy. By learning the business and its strategies more intimately, the organization can determine the risk environment of the firm at a higher level, which in turn will give insights into the necessity/requirement of having a separate risk committee.

Jan 1, 2012

Risk Committees

While most often the board of directors delegates risk oversight to the audit committee, increasingly boards of creating separate board level risk committees charged with that responsibility. This is particularly true for financial services firms, given requirements imposed by the Dodd-Frank legislation for larger banks to form separate risk committees. In an effort to assist companies who are considering the establishment of a board risk committee, Deloitte has organized a resource guide of ideas, recommendations, and specific tools. This resource will help assist those entities that will need to be in compliance with the Federal Reserve’s requirements developed to implement the provisions of Dodd-Frank. Although the guide is helpful for companies that must comply with the new Dodd-Frank regulations, it can be useful for any company that wishes to obtain more information on risk governance and oversight.

Oct 17, 2011

Compliance, Ethics and Enterprise Risk Management

Carlo V. di Florio, the Director of Office of Compliance Inspections and Examinations at the SEC spoke about the relationship between compliance, ethics and ERM. He made his speech at the National Society of Compliance Professionals (NCSP) National Meeting in October 2011. The speech outlined the importance of ethics in compliance and ERM exercises. It also presented ten elements of effective ethics, compliance and ERM programs. The speech also emphasized the need to clarify an organization's five lines of defense namely the business, key support functions, internal audit, senior management, and the board of directors.