ERM Leadership and Governance

Nov 1, 2013

Create Synergies between Risk Management and Internal Audit

Companies are always scanning the business landscape for the next way to get ahead, to gain a competitive advantage, and to take the next step, particularly in the area of risk management. Most companies have some form of risk management, whether the traditional silos or the more robust enterprise risk management, and their purpose ranges from protecting assets to pursuing opportunities. These same companies often have an overlooked, or at least underutilized, asset in their internal audit function. Internal audit understands the business operations and controls; however, they share a common goal with risk management, which is to improve the effectiveness of risk management. This common goal leads to a potential synergy that can help a company reach that next step in risk management. The Risk Insurance Management Society ("RIMS") and The Institute of Internal Auditors ("IIA") joint white paper highlights the why, the how, and the proof that leveraging your internal audit function in risk management can not only work, but work well.

Jun 19, 2013

Risk Culture’s Critical Role in ERM

Enterprise risk management is a matter of business process, but it is important to remember the part that people play in implementing ERM. An organization’s “risk culture,” the way an organization’s personnel collectively view, communicate about, and respond to risk, can make or break an otherwise well-designed ERM process. In this May 2013 article from McKinsey & Company, authors Alexis Krivkovich and Cindy Levy discuss risk culture and its critical role in effective ERM. The authors describe the key characteristics of a healthy risk culture, and they also highlight two challenges that organizations must be mindful of in developing risk culture.

Feb 13, 2013

Strengthening the Role of the Chief Risk Officer in an Organization

The role of chief risk officer (CRO) has been put under a microscope to understand methods and key success factors that can enhance the role. Organizations now, more than ever before, are appointing CROs to improve their risk function and better manage potential risks that could impede their strategy. To achieve that, the CRO must be placed in a position that is fundamental as well as instrumental in the decision-making and strategy-setting process. This Protiviti white paper provides six key critical success factors that organizations should be aware of and promote to ensure that their organization is in a better risk management position than in the past.

May 1, 2012

Lack of Senior Manager Support Impairs Risk Management

Here's a new twist to "risk management": one of the most damaging risks an organization may face is "management" itself. The article "Risky Management" in Disaster Recovery Journal highlights the realities of how management's attitude and embrace of risk management approaches can undermine the organization's effectiveness at managing key risk events. Although many executives understand that risk management benefits everyone, not all share this view. The article outlines three categories of management that have a negative effect on an enterprise's risk management strategies: management that ignores reasoned words, management that works against others' efforts, and management that is nonexistent in the execution of a plan.

Feb 1, 2012

Is it Necessary to Have a Separate Risk Committee?

A hot topic in risk management discussions within organizations is the debate about whether a separate risk committee is necessary for a company to have effective enterprise risk management processes. The authors of this Conference Board article believe “It depends.” The risk management process is a very individualized process. Organizations need to take a long look in the mirror to ensure that a separate risk committee would not create more unnecessary bureaucracy. By learning the business and its strategies more intimately, the organization can determine the risk environment of the firm at a higher level, which in turn will give insights into the necessity/requirement of having a separate risk committee.

Jan 1, 2012

Risk Committees

While most often the board of directors delegates risk oversight to the audit committee, increasingly boards are creating separate board-level risk committees charged with that responsibility. This is particularly true for financial services firms, given requirements imposed by the Dodd-Frank legislation for larger banks to form separate risk committees. In an effort to assist companies that are considering the establishment of a board risk committee, Deloitte has organized a resource guide of ideas, recommendations, and specific tools. This resource will help assist those entities that will need to be in compliance with the Federal Reserve’s requirements developed to implement the provisions of Dodd-Frank. Although the guide is helpful for companies that must comply with the new Dodd-Frank regulations, it can be useful for any company that wishes to obtain more information on risk governance and oversight.

Oct 17, 2011

Compliance, Ethics and Enterprise Risk Management

Carlo V. di Florio, the Director of the Office of Compliance Inspections and Examinations at the SEC, spoke about the relationship between compliance, ethics and ERM. He made his speech at the National Society of Compliance Professionals (NCSP) National Meeting in October 2011. The speech outlined the importance of ethics in compliance and ERM exercises. It also presented ten elements of effective ethics, compliance and ERM programs. The speech also emphasized the need to clarify an organization's five lines of defense, namely the business, key support functions, internal audit, senior management, and the board of directors.

Jul 1, 2011

Managing Human Capital Risk

Though companies recognize the high impact of Human Capital Risk (HCR), many still have immature HCR management processes, if any. The Conference Board researched companies based in North America, Europe, and Asia-Pacific to evaluate current HCR management practices. Companies with Strategic Workforce Planning (SWP) indicated better HCR maturity. The research in this article also highlights a need for HR and ERM executives to engage each other more to better understand risks associated with their human capital management.

Jan 3, 2011

Increasing Complexity Creates Challenges for Risk Management

Managing complexity is quickly becoming one of the greatest challenges for large organizations today. A white paper published by KPMG presents findings related to a study of the causes and impact of complexity affecting large companies. The pace of change and global interconnections in business have resulted in increasing complexity, creating significant risk management challenges for companies. Increased risks to manage emerged as one of the greatest challenges created by complexity, according to the study.

Jul 1, 2010

How Did BP’s Risk Management Lead to Failure?

The news has been flooded with updates on the environmental impact of the BP oil spill on the gulf coast and the economic impact on businesses in the surrounding areas. Many are wondering: How could something like this happen? Why has it taken so long to fix? What was BP management thinking? The answers to these questions are centered on one element the financial world has been buzzing about since the financial crisis: risk management. This article points out the critical components of risk management that were absent at BP and compares them to the basic principles any company should employ to successfully manage risks.