Adding Value, Not Bureaucracy: Linking Governance, Enterprise Risk Management and Internal Controls

The increased awareness and popularity of Enterprise Risk Management has raised several questions concerning ERM and how it applies to corporate governance and internal controls. This brief article explores the relativity between ERM, governance, and internal control. The essence of corporate governance is that it exists as a system to enable an organization to reach long-term goals and objectives.  Therefore, it is evident that a system of managing risks on a enterprise-wide, continuous basis would be necessary for effective corporate governance. 

ERM serves to exist as a subset of corporate governance, and internal controls as a subset of ERM.  Internal controls focus on a smaller scale within the company, sometimes ignoring the strategic objectives that ERM includes.  Companies can therefore build upon their existing internal control systems and encompass strategic level processes to identify risks and opportunities not typically seen on an immediate basis.  The internal audit function can also provide assistance by providing a base of risk-assessments to identify which risks are the most significant to the overall strategies. 

Original Article Source:  ““Adding Value, Not Bureaucracy: Linking Governance, Enterprise Risk Management and Internal Controls,” AICPA, January 2010