Briefs and Insights

Jan 4, 2021

Improving Management Review Controls

Mark Beasley, Alan T. Dickson Distinguished Professor of Accounting and Director of the Enterprise Risk Management Initiative in the Poole College of Management at NC State University, is the co-author (along with John Fogarty and Doug Prawitt) of a thought paper, Perspectives on Management Review Controls: Challenges and Solutions, released by the Center for Audit Quality.  This thought paper provides information and insight on issues surrounding the design, implementation, execution, and documentation of MRCs. 

Jul 7, 2020

Getting Your Arms Around Risk Appetite

Executives sometimes struggle to find ways to put their risk appetite into words so they can cascade that across the organization to business leaders who need it to make prudent business decisions.

Jun 17, 2020

ISO’s Risk Management Framework

ISO’s Risk Management-Guidelines is a widely embraced framework for implementing ERM in any type of organization.  Issued by the International Organization for Standardization (ISO), ISO 31000:2018 provides guidelines on managing risks to help business leaders create and protect entity value through the management of risks in the context of decision making. The Framework bases the management of risks on principles, a framework, and process.

Jun 17, 2020

COSO’s ERM Framework

One of the most widely embraced ERM frameworks is COSO’s Enterprise Risk Management – Integrating with Strategy and Performance issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Originally issued by COSO as the Enterprise Risk Management – Integrated Framework in 2004, the framework was revised in 2017 to strengthen the emphasis on the integration of ERM with strategy and performance.

Feb 11, 2020

Effective ERM Can Promote Stakeholder Balance

This article provides an overview of the Business Roundtable (BRT) Statement on the Purpose of the Corporation.

Jan 24, 2020

Categorical Thinking

Categorical thinking is the old-school thinking style and change is necessary in order to succeed in the modern day economy. This article from Harvard Business Review provides an in-depth analysis of the four most important dangers created by categorical thinking through a series of real-world examples and studies. The authors proposed a simple four-step process to combat those dangers and best prepare business leaders for the next wave of the data revolution.

Jan 24, 2020

Preparing for an Uncertain Future: Scenario Planning and War-Gaming

A Risk Intelligent Enterprise puts an organization in the best position to plan for and manage risks, take advantage of opportunities and be flexible enough to respond as the environment changes and risks arise in the future. In doing so, an organization can engage in various strategic initiatives and risk management efforts to identify and mitigate the impact of uncertain futures. This article, published by Deloitte, outlines two tools to help companies think outside the box and perform a what-if analysis to gain a wider view of future events that could impact an organization's ability to achieve its strategic objectives.

Jan 24, 2020

Predictive Risk Intelligence Strategies

Predictive Risk Intelligence, or PRI, is the future of risk management. The article, published by Deloitte, introduces the concept, explains monitoring methods and provides examples as to how advanced analytics can help organizations prepare for emerging risks by leveraging both internal and external data sources. This concept can provide value in many ways such as reducing manual intervention and the potential for human error and helping companies predict risk before the loss event occurs.

Jul 31, 2019

Endpoint Security Risks

Cyber security is an ever-changing risk with continuing innovation of new technologies. As new technologies develop, cyber-attacks evolve with the times. As a result, organizations have a difficult time securing their endpoints (an endpoint device is an internet-capable computer hardware device such as a desktop computer, laptop, smartphone, tablet, or printer) and incur substantial costs for each successful cyber-attack. This article focuses on a survey that was conducted to find how endpoint security is breaking down and what these organizations are doing to correct the issues.

Jul 30, 2019

CEO and Board Risk Management

Senior leaders often view threats in a vacuum, acknowledging their existence but missing the mark on how best to solve them. These leaders tend to know that threats are on the horizon but, in many cases, are not managing them in a strategic way. They are not seeing these critical threats as interconnected, complex risks that, when managed correctly, could create opportunities for accelerating growth. Managing risk is a critical facet of the roles of CEOs and board members. This is particularly true in today's environment of ongoing disruption, innovation, and technological change.