ERM Articles in Business Press

Recent Additions

ERM: The Importance of Senior Management Buy-In and Leadership
Emerging Expectations for Alignment of Internal Audit and Risk Oversight
The Evolution of Risk and Controls: Seeking Value Creation
The Changing Role of the Finance Organization
The Audit Committee Journey: Charting Gains, Gaps, and Oversight Priorities

 

Other ERM Articles

Strategic Business Risk – Top 10 Risks in Business for 2008
GRC Strategic Agenda: The Value Proposition of Governance, Risk, and Compliance
Insurance Companies ERM Ratings
Managing IT Risk: A Global Survey for the Financial Services Industry
The New Treasury Diet: Keep It Simple
How Managing Political Risk Improves Global Business Performance
Tax Governance Institute: Tax Risk Management eSurvey
Reputation Risk Management
We Will Never Have a Perfect Model of Risk
Business Risk Management in Government
A Changing Risk Landscape – A Study of Corporate ERM in the U.S.
Tax Risk Management: The Evolving Role of Tax Directors
Best Practices for Structuring ERM Within the Organization
Enterprise Risk Management: The Full Picture
ERM Maturing in Australia and New Zealand
Enterprise Risk Management Quantification – An Opportunity
Assess the Risks – Key Strategies for Overseeing Derivatives
Outsourcing and Offshoring Decisions - Taking a Risk Intelligent Approach
NC State ERM Initiative Responds to S&P Request for Comment

Overview of S&P Proposed ERM Evaluation
Audit Committee Involvement in Risk Oversight
ERM in Higher Education
The Global CFO Study 2008: Balancing Risk and Performance within an Integrated Finance Organization
When Strategy and ERM Meet
Risk: Dealing with Dangers Abroad
The Orange Book: Management of Risk – Principles and Concepts
The Convergence of Physical and Information Security in the Context of ERM
Standard & Poor's Releases a Request for Comment on ERM
Linking Governance to Strategy
ERM at the Federal Reserve Bank of Richmond
Paulson Calls Housing Crisis the “Most Significant Risk” to Economy
Political Risks
Looking to the Future with ERM
Managing Risks and the Strategic Advantages
Risk Manager Trepidation
Governance, Risk Management, and Compliance
Risk Language
CROs Challenged by IT Risks
Functioning Jointly: ERM and Balanced Scorecards
Selecting Risk Consultants
ERM Progress
Survey by KPMG – ERM in the US
Assessing Risks Before Outsourcing
ERM: Frameworks, Elements, and Integration
ERM Strategy: Create and Safeguard Stakeholder Value
Tools and Techniques for ERM Execution
Deloitte’s Risk Management Survey
NIST Risk Mitigation Toolkit
Integrating SOX and ERM – Truths and Myths
ERM – Benefits for Strategic Planning
Selecting Risk Consultants
Managing the Unexpected
ERM Business Drivers
Informatica’s Solution for Data Quality
RIMS ERM Maturity Model
Managing Reputation Risk
For Audit Committees at Consumer Products Companies, ERM Means 'Protect the Brand'
Insurers Discover ERM Isn't Just for Banks Anymore
Conference Board Releases Research Report About Boards and ERM
The 2006 Oversight Systems Financial Executive Report on Risk Management
COSO ERM Framework
Expanding ERM to Embrace Strategic Risks
Integrating Compliance and Ethics in Risk Assessment Agenda
Risk Management Quantification
Internal Audit’s Role: Fraud and Reputation Risks
ERM Guide: Frequently Asked Questions
Evolution of ERM
Emergence of Chief Risk Officers
Driving Need for ERM
Risk Gaps - Demand for ERM
ERM – UnitedHealth Group
Strategy-Risk Focused Organization
Role of the Chief Risk Officer
Benefits of Managed Risks
ERM: Building on Section 404
ERM and Information Technology
Internal Auditing and ERM
Developing a Corporate Focus to Risk Management
ERM Infrastructure and Risk Intelligent Systems
ERM and Business Continuity
Using Technology to Support ERM: A Case Study
Survey Data: ERM Trends
Role of Risk Manager and Continuity Planning
Book Review: Making ERM Payoff
ERM Education: Role of MBA Programs
Outsourcing Decisions - Taking an ERM Approach
Impact of IT Risks on ERM

ERM: The Importance of Senior Management Buy-In and Leadership

Tapestry Networks, Risk Management: In search of a Practical Approach, Ernst & Young, May 2008

Topical Areas: Risk Management Implementation, CEO ERM responsibility, Audit Committee Oversight

Main Theme: The Midwest Audit Committee Network met to discuss effective ways for boards and audit committees to oversee enterprise-wide risk management.  The network is a group of audit committee chairs drawn from leading Midwest companies of varying size.  This article captures the overall tone of the comments and outlines the conclusions drawn by the committee.  While specific quotes are highlighted to emphasize a point, the speaker’s identity is kept confidential.

Summary of article [pdf]

Emerging Expectations for Alignment of Internal Audit and Risk Oversight

PricewaterhouseCoopers, LLP Internal Audit 2012, PricewaterhouseCoopers, LLP (2008).

Topical Areas: Internal Audit’s Role in Risk Oversight; Shift from Compliance to Strategic Controls Focus; Trends for Greater Risk Assessment and Measurement

Main Theme: This report summarizes survey responses received by PricewaterhouseCoopers from chief audit executives of Fortune 250 companies about trends affecting internal auditors by 2012, particularly related to internal audit’s role in risk oversight.  The report notes that since 2002, many companies have been concerned with meeting compliance standards set forth by the government and regulatory agencies.  This has led many companies to begin focusing on how internal controls, including the role of internal audit, can be aligned to create value.  As companies now view risk management and internal controls as fundamental to their business operations, they are striving to be proactive rather than reactive in risk oversight, given the dynamic risk environment associated with accelerated rates of change and a faster pace of business.  Companies are now beginning to take a risk-centric approach instead of a controls-based approach to managing the company.  This report details the major trends developing among a number of companies related to the importance of having a risk-centric approach for internal audit.

Summary of Report [pdf]

Download Full Report

The Evolution of Risk and Controls: Seeking Value Creation

Economist Intelligence Unit, The Evolution of Risk and Controls: from Score-Keeping to Strategic Partnering, KPMG International, 2007.

Topical Areas: ERM and Value Creation; Integration of Strategy and Risk; Demand for Risk Coordination; Top-Down Risk Perspective; Need for Risk Culture

Main Theme:  KPMG partnered with the Economist Intelligence Unit to report on the evolution of risk and controls functions within organizations.  This report contains findings of how companies are re-defining the roles and objectives of their risk and controls management.  Based on a survey of 435 senior global executives over a cross section of industries, the report highlights the major finding that executives are increasingly trying to find ways to utilize risk management (ERM) as a value-adding activity and partner in business strategy, rather than a mechanized response to threats or ad hoc system designed to merely preserve business objectives.  Boards and key stakeholders are placing greater demands on executives to show that risk and controls are making measurable, positive contributions to value creation.  A variety of factors has contributed to this change in perspective: volatility of international business proceedings, changing regulatory environment, greater desire for improved cost and efficiency considerations, and the emergence of new business risks.  The survey illustrates primary concerns of CEOs in the changing ERM environment and their increasing reliance on risk and control professionals to make strategic decisions.  The survey’s questions and responses are cataloged in an appendix to the article.

Summary of Abstract [pdf]

Download Full Report

The Changing Role of the Finance Organization

Dan London, Stephen Culp, and Rosanne Williams, The Changing Role of the Finance Organization in a Multi-Polar World: Accenture High Performance Finance Study 2008, Accenture, 2008.

Topical Areas: Finance organization performance, CFOs and Risk Oversight, Integration of Strategy and Risks, Benchmarking Data, Enterprise Performance Management

Main Theme: Today’s focus on the rapid embrace of globalization initiatives has substantially increased the complexity and pace of change that risk executives face.  Dealing with the volume and complexities of these uncertainties is becoming one of the most pressing strategic concerns.  Responsibilities for addressing these challenges often reside with the finance organization within an enterprise, often led by the chief risk officer.  This study not only summarizes insights about the challenges CFOs face, but it also highlights best practices of finance organizations in high-performance organizations.  It notes that the finance organization in most global companies is not sufficiently integrated into the businesses to promote strategy development or value creation and very few are very satisfied with the performance of the finance organization in the management of financial and non-financial risks.  Masterful finance organizations identified by the study excelled in creating a shared services structure, a strategic approach to outsourcing and talent management, and the implementation of enterprise resource planning systems.

Summary of Report [pdf]

Download Full Report

The Audit Committee Journey: Charting Gains, Gaps, and Oversight Priorities

KPMG Audit Committee Institute and National Association of Corporate Directors, The Audit Committee Journey: Charting Gains, Gaps, and Oversight Priorities, KPMG International, 2007-2008 Public Company Audit Committee Member Survey (2008).

Topical Areas:  Audit Committee Risk Oversight; Non-Financial Risks; IT Risk Oversight, AC Agenda Priorities

Main Theme:  This report by KPMG, LLP describes insights from audit committee members of public companies regarding audit committee priorities and processes.  The data come from the 2007-2008 Public Company Audit Committee Member Survey by the KPMG Audit Committee Institute, which compiled findings from nearly 300 audit committee members, and the 2008 Audit Committee Issues Conference, attended by around 120 audit committee members.  Key findings include that audit committees have grown more confident in their oversight of traditional financial reporting matters, but they believe there is a significant opportunity to improve their risk management oversight and believe that oversight of risk management is their top oversight priority for 2008.

Summary of Report [pdf]

Download Full Report

Strategic Business Risk – Top 10 Risks in Business for 2008

Ernst & Young Research Report, 2008

Topical Areas: Current Strategic Business Risks

Main Theme: Ernst & Young conducted a survey of industry analysts in order to identify the top 10 strategic business risks for 2008.  It became clear that there is significant variation in risks between sectors of the economy.  Nevertheless, the risks that were rated as having the greatest impact across the largest number of sectors were identified and ranked.

Summary of article [pdf]

Download article

GRC Strategic Agenda: The Value Proposition of Governance, Risk, and Compliance

Stephen Walker and Ralph Rodriguez,  GRC Strategic Agenda: The Value Proposition of Governance, Risk, and Compliance, Aberdeen Group, February 2008.

Topical Areas: Governance, Risk and Compliance

Main Theme:  The increasing barrage of governmental, industry specific, and internal regulations, coupled with the pressures of increased competition and risk in a global market has clearly defined the need for organizations of all sizes to implement GRC initiatives. This article explains the need for GRC, GRC’s interconnectivity with IT, and the high level importance risk management plays in GRC initiatives.

Summary of article [pdf]

Download article

Insurance Companies ERM Ratings

Santori, L. and Keith Bevan. Enterprise Risk Management Assessments on Europe’s Insurers. Standard & Poor's RatingsDirect, July 16, 2007.

Topical Areas:  ERM ratings and evaluation of European insurance companies

Main Theme:  Standard & Poor’s has spent a significant amount of time developing criteria for and measuring the effectiveness of insurance providers’ enterprise risk management (ERM) systems.  Recently, they have focused on European insurance companies.  They find that the state of ERM practices in Europe may best be described as adequate for a large majority of European insurers.

Summary of article [pdf]

Download article

Managing Information Technology Risk: A Global Survey for the Financial Services Industry

Ernst & Young Financial Services, 2008.

Topical Areas:  Information technology risk management; financial services industry

Main Theme:  Ernst & Young’s first global survey for the financial services industry provides industry data, trends, leading practices, and opinions on the components of effective information technology (IT) risk management.  Based on survey responses, many financial institutions are seeking ways to better integrate IT risk management with their overall risk management program and processes.

Summary of article [pdf]

Download article

The New Treasury Diet: Keep It Simple

Banham, Russ. The New Treasury Diet: Keep It Simple, Treasury and Risk Magazine, April 2008.

Topical Areas: Treasury Cash Management Trends

Main Theme:  This article deals with the downturn in the auction-rate securities markets and suggestions for treasurers holding these securities.

Summary of article [pdf]

Download article

How Managing Political Risk Improves Global Business Performance

PwC Advisory and Eurasia Group Research Report

Topical Area: Political risk

Main Theme:  A study was completed by PricewaterhouseCoopers Advisory and Eurasia Group dealing with political risk and how it affects multinational companies.  The results of the study showed that multinational companies are not happy with how political risk is being managed.  This is an unfortunate situation because political risk affects how companies protect their investments and assess new opportunities.  PwC believes that by using an integrated approach based on the COSO model, companies can improve their management of political risk. 

Summary of article [pdf]

Download article

Tax Governance Institute: Tax Risk Management eSurvey

Tax Governance Institute: Tax Risk Management eSurvey.  KPMG.  2007.

Topical Area: Tax Risk Management

Main Theme: Tax risk can arise within several aspects of a company’s business.  KPMG conducted a survey among board members, senior management, CFOs, tax executives, and finance and accounting professionals concerning tax risk management.  Some of the results indicate that:

  • 53% of the respondents claimed that financial reporting risks are the most significant aspects of tax risk currently facing their organization.
  • 60% of the respondents claimed that tax risk assessment and management has become more of a priority for their organization’s leadership.
  • Yet, 60% stated that their organization does not have a formal, documented tax risk management strategy.

Though many organizations do not have a formal tax risk management strategy, these organizations are taking steps toward creating a formal strategy.  The steps are taken mainly due to increasing regulatory pressures.

Summary of article [pdf]

Download article

Reputation Risk Management

Tonello, Matteo.  Reputation Risk: A Corporate Governance Perspective. The Conference Board (December 2007).

Topical Areas:  Reputation Risk Management

Main Theme:  Corporations have started to take notice of the importance of reputation risk management, particularly in the past decade.  Since 2000, research concerning reputation risk has more than doubled.  The use of a top-down risk management strategy, as prescribed in an enterprise risk management strategy, and a concentration on stakeholders are key parts of successful reputation risk management.

Summary of article [pdf]

Download article

We Will Never Have a Perfect Model of Risk

Greenspan, Alan. We Will Never Have a Perfect Model of Risk, Financial Times, March 16, 2008.

Topical Areas:  Business cycles, risk management, and the recent financial crisis

Main Theme:  Former chairman of the Federal Reserve Alan Greenspan discusses why both risk and econometric models will never reach perfection. Business cycles and surprising discontinuities contribute to this imperfection.  Though these models helped in past crises, Greenspan notes that the most reliable forms of managing against economic failure are market flexibility and open competition.

summary of article [pdf]

download article

Business Risk Management in Government

Hood, Christopher and Henry Rothstein.  “Business Risk Management in Government: Pitfalls and Possibilities.”  Working Paper, 2000.

Topical Areas: How ERM practices apply to government

Main Theme: While risk management is well-established in the private sector, no generic risk management approaches are available for government entities.  Due to potential pitfalls that exist in government practices, it is not feasible to simply apply private-sector risk management guidance directly to the public sector.  Government risk management should focus on systemic risk in order to prevent the blame-shifting that is often present in the government sector.

summary of article [pdf]

download article

A Changing Risk Landscape – A Study of Corporate ERM in the U.S.

Shimpi, Prakash and Linda Chase-Jenkins.  A Changing Risk Landscape – A Study of Corporate ERM in the U.S., Towers Perrin, 2006.

Topical Areas: Survey on Corporate Risk Factors

Main Theme:  This survey, administered to financial professionals of large public companies, explores their views on the key risks facing their companies and how they are managed.  The consensus is that the nature of risk is changing due to new business models.  Enterprise Risk Management (ERM) has emerged as a possible solution to many of the risks indicated.

summary of article [pdf]

download article

Tax Risk Management: The Evolving Role of Tax Directors

Tax Risk Management: The Evolving Role of Tax Directors. Survey, Ernst & Young (2004).

Topical Area: Tax Risk Management

Main Theme: In 2004, Ernst & Young administered a survey with findings that offer insight to tax directors and executives to help them better comprehend the changing scope of the tax function, the rise of tax risk management and how companies are responding.  This report also discusses emerging practices as they relate to three key components of tax risk management: awareness and alignment; assessing and managing; and communication and reporting.

summary of article [pdf]

download article

Best Practices for Structuring ERM Within the Organization

Azarchs, Tanya and Prodyot Samanta.  “Independence, Control, Respect, and Communication:  Best Practices in ERM.”  The RMA Journal, September 2005, pp. 36-40.

Topical Area: How ERM should be Structured Within the Organization

Main Theme: In order for the risk management division to function properly, it is essential to structure it properly within the business.  The risk management division should be placed in high stature within the firm and should report directly to the CEO.  Risk managers should have a deep understanding of the company’s business in order to effectively communicate with risk takers in the organization.  Structuring the risk management division properly will ensure a more holistic view of risk within the organization.

summary of article [pdf]

download article

Enterprise Risk Management: The Full Picture

AON Center, “Enterprise Risk Management:  The Full Picture,” December 2007.

Topical Areas:  Implementing ERM throughout various organizational cultures, regions

Main Theme:  An Aon Global Risk Consulting survey conducted among 103 organizations in July 2007 was aimed at supporting global organizations in developing enterprise risk management (ERM) strategies throughout various organizational cultures and utilizing sufficient resources to support ERM development and maturity. The report addresses key issues that challenge organizations’ ability to successfully implement an ERM function, all varying across corporate cultures and regions of the world.

summary of article [pdf]

download the article

ERM Maturing in Australia and New Zealand

Ward, Jeanette, “ERM: Evolving, resonating, and maturing down under,” Standard & Poor's Ratings Direct, November 2006.

Topical Areas:  ERM strengths and weaknesses in Australia and New Zealand

Main Theme:  Companies in a variety of industries based in Australia and New Zealand were asked to rate their implementation of ERM.  The survey found that a majority of companies in these countries had made strong improvements in the implementation of ERM in their organizations.  The article examines the various strengths and weaknesses of ERM in the companies as seen by top management.

Summary of article [pdf]

Enterprise Risk Management Quantification – An Opportunity

Bohn, Christopher, and Brian Kemp, “Enterprise Risk Management Quantification – An Opportunity,” AON, February 2006.

Topical Areas: Quantification of Risk Using Risk Modeling

Main Theme:  Enterprise Risk Management has been getting increased attention in recent years; however, much of the focus has been on the qualitative aspects of the framework, with little focus on the quantitative aspects.  This article presents the opportunities for individuals with a quantitative background and develops a framework that can be used to develop a risk model for your organization.

summary of article [pdf]

download article

Assess the Risks – Key Strategies for Overseeing Derivatives

Bakhru, Ashok, Kathleen C. Cuocolo, Elizabeth Duggan, Anthony S. Evangelista, Gary L. French, Peter W. Gavian, Karen Horn, and Bruce G. Leto, “Assess the Risks: Key Strategies for Overseeing Derivatives,” Panel Discussion published by BoardIQ

Topical Area:  Oversight strategies for the use of derivatives in mutual funds.

Main Theme: In recent years the use of derivatives by mutual funds has soared.  Yet, there has been little guidance offered to boards on their oversight roles when it comes to derivatives.  This article offers nine key points to help boards better understand and assess the risks regarding the use of derivatives.  Although this paper is focused on specific boards overseeing mutual funds, many of the points can be applied to any board or manager’s oversight of derivatives.

summary of panel discussion [pdf]

download panel discussion

Outsourcing and Offshoring Decisions - Taking a Risk Intelligent Approach

Deloitte. Risk Intelligence Series Whitepaper, The Risk Intelligent Approach to Outsourcing and Offshoring,  Issue No. 8.

Topical Area: Outsourcing and Offshoring Decisions: Using a Risk Intelligence Approach

Main Theme: When initiating the use of outsourcing and offshoring, companies should take a Risk Intelligent approach.  In doing so, companies can better mitigate risks that develop from outsourcing and offshoring and optimize the benefits from such contracts.  Companies should follow the steps within the outsourcing and offshoring lifecycle when making outsourcing and offshoring decisions.

summary of whitepaper [pdf]

download whitepaper

NC State ERM Initiative Responds to S&P Request for Comment

The NC State ERM Initiative has responded to the request for comment issued by Standard & Poor's on their proposed expansion of ERM analysis to nonfinancial companies as part of their overall credit ratings process. The ERM Initiative strongly endorses the S&P proposal to incorporate ERM analysis as an important component of the credit ratings decision. A copy of the comment letter submitted to S&P on January 31, 2008 may be obtained by clicking on the link below. Also below is the link to the original S&P request for comment.

ERM Initiative Comment Letter


S&P Request for Comment

Overview of S&P Proposed ERM Evaluation

Standard & Poor's proposed expansion of ERM program evaluation to the nonfinancial sector has the potential to significantly affect the credit ratings process for firms in the seventeen industry sectors to be included in their revised analyses. 

Link to read article

Audit Committee Involvement in Risk Oversight

Audit Committee Involvement in Risk Management Oversight, Beasley, Mark S., AICPA, New York, NY, December 2007, www.cpa2biz.com

Topical Area:  Audit Committees and ERM; Risk Oversight

Main Theme: Many boards of directors are directing executive management to embrace enterprise risk management (ERM) to develop a stronger top-down holistic view of risks affecting the enterprise.  In most cases, the board is delegating oversight of management’s risk processes to the audit committee.  Audit committees are now examining how they can expand their already full agendas to tackle these emerging expectations.  This article briefly overviews the emerging role of ERM and issues facing audit committees.

Link to read articles

ERM in Higher Education

ERM in Higher Education, White Paper issued by the University Risk Management and Insurance Organization, Bloomington, IN (www.urmia.org), 46 pages, September, 2007.

Topical Areas:  ERM and Higher Education; University Governance.

Main Theme: This document provides guidance for the embrace of Enterprise Risk Management (ERM) in Higher Education. While this is not a step-by-step guide on how to implement ERM at any specific institution, it does provide a good overview of the ERM process, where to begin, and best resources available for structuring and implementing an ERM framework.  The document also summarizes examples of ERM at several institutions of higher learning.

summary of white paper [pdf]

The Global CFO Study 2008: Balancing Risk and Performance within an Integrated Finance Organization

The Global CFO Study 2008:  Balancing Risk and Performance within an Integrated Finance Organization, Rogers, Stephen, Stephen Lukens, Spencer Lin, Edwina Jon, IBM Global Business Services in cooperation with the Wharton School and Economist Intelligence Unit, 64 pages, 2008.

Topical Area: CFO’s Role in Risk Management; Integrated Finance Organizations; Risk Event Trends; State of Risk Management; Globalization and Risks.

Main Theme: This IBM study of 1,200 CFOs and senior finance professionals reveals that CFOs may be taking the wrong approach to resource and risk management on a global scale. Organizations are turning to global markets deploying assets worldwide and establishing both vertical and horizontal operations in countries well beyond headquarter operations.  As they do so, they face an undeniably riskier landscape.  In fact, 62 percent of those surveyed encountered material risk events in the last three years, but nearly half (42 percent) were unprepared to manage those risks.  Furthermore, risks arise from multiple sources often beyond financial activities.  Eighty-seven percent of risk events were strategic, geopolitical, environmental, operational, or legal.  Ironically, the study finds that supporting and managing enterprise risk ranked low in importance by survey respondents.  Findings suggest that enterprises are looking to the CFO for leadership in risk management to close these performance gaps.

summary of report [pdf]

When Strategy and ERM Meet

“When Strategy and ERM Meet,” Frigo, Mark L., Strategic Finance, January 2008, pp. 45-49

Topical Area: Strategic Risk Management; Risk Opportunities; Performance Measurement and Risk Management

Main Theme:  This article describes the intersection of strategic business plans and enterprise risk management (ERM). Recent events concerning collateralized debt obligations (CDOs) and subprime mortgages revealed that some institutions were tempted by the higher yields without managing the higher risks. This article contains three approaches to connect a company’s strategy to its risk management efforts. The three approaches for effective strategic risk management are: (1) a strategic risk management process, (2) a process to identify and protect assets at risk, and (3) strategic risk monitoring and performance measurement.

summary of article [pdf]

Risk: Dealing with Dangers Abroad

“Dealing with Dangers Abroad,” Financial Executives International, Financial Executive, December 2007, pp. 32-37 Frigo, Mark L., Strategic Finance, January 2008, pp. 45-49

Topical Area: Emerging Market Risks; Risk Management and Global Operations; Strategic Risk Management; Risk Opportunities; Performance Measurement and Risk Management

Main Theme:  This article addresses challenges associated with managing global risks.  Even with improved global communication technologies, better understanding of foreign cultures, and international advisors, breakdowns in strategies and operations now housed around the globe still occur.  Despite the observation that prudent risk management suggests companies should select their foreign business operations carefully, surveys suggest that developed-market company executives responsible for risk management confess to not having a strategy in place to manage risks in emerging markets, with North American companies least likely.  This article explores processes and techniques to strengthen an organization’s consideration of global risk management. 

download article [pdf]

The Orange Book: Management of Risk – Principles and Concepts

The Orange Book: Management of Risk – Principles and Concepts, Her Majesty’s Treasury on behalf of the Controller of Her Majesty’s Stationery Office, the United Kingdom, London, 50 pages, October 2004.

Topical Areas:  Advanced Risk Management in Government; ERM Training; Audit Committee Risk Management Oversight; Horizon Scanning

Main Theme: The original Orange Book was published by the British government in 2001 to promote more robust risk management practices in government sectors. Since 2001, organizations have begun to have basic risk management processes in place. The risk management challenge is no longer in the initial identification and analysis of risk and the development of the risk management process.  Rather, the challenge today is in the ongoing review and improvement of risk management.  Thus, the British government issued this 2004 revision of The Orange Book to include more advanced guidance, such as the importance of “horizon scanning” (a systematic activity designed to identify indicators of changes in risk). This document also examines how the organization’s risk management activities relate to the wider environment in which it functions.

summary of document [pdf]

The Convergence of Physical and Information Security in the Context of Enterprise Risk Management

Authors: Deloitte and Touche LLP in Canada, commissioned by the Alliance for Enterprise Security Risk Management (AESRM) to research and develop this report. Published by: AESRM 52 pages ©2007.

Topical Areas: Integration of security risks and ERM; Enterprise security risks; Convergence of traditional and information security

Main Theme: This report gives insight into the general state of security convergence, integration of converged security as part of ERM, role of risk councils, and benefits of converged risk management.

Summary of article [pdf]

download article [pdf]

Standard & Poor's Releases a Request for Comment on Enterprise Risk Management

On Thursday, Nov. 15, 2007, S&P issued a request for comment on their proposal to include an assessment of corporate enterprise risk management practices as a key component of their overall credit ratings analysis for nonfinancial companies. S&P proposes to incorporate ERM analysis into their corporate credit rating process as the principal methodology to evaluate management and to determine the overall business profile, a key factor in the S&P credit rating. Four major analytic components will comprise the S&P ERM evaluation. These include analyses of risk management culture and governance, of risk controls, of emerging risk preparation, and of strategic risk management.

Click here to obtain the S&P request for comment

Linking Governance to Strategy

Busco, Cristiano, Elena Giovannoni, Angelo Riccaboni, Davide Franceschi, and Mark L. Frigo, “Linking Governance to Strategy, the Role of the Finance Organization,” Strategic Finance, September 2007, pp. 23-28.

Topical Area: Finance Professionals Role in Corporate Governance

Main Theme: Finance professionals should play a key role in corporate governance, including connecting corporate governance to performance metrics and daily operations. This article examines an example of such a role in GE Oil & Gas, where Finance plays a key role in strategic planning and operations, including the integration of risks and opportunities.

Summary of article [pdf]

Download article

ERM at the Federal Reserve Bank of Richmond

Dorminey, Jack and Richard Mohn, “ERM at the Federal Reserve Bank of Richmond,” Journal of Government Financial Management, Spring 2007, pp. 46 - 52.

Topical Area: ERM for Governmental and Non-Profit Organizations

Main Theme: This is an examination of an implementation of an ERM discipline in one of the Federal Reserve Banks. It demonstrates a possible model where financial performance targets are not the primary measures of success. The Federal Reserve Bank of Richmond’s ERM approach captured risk within each functional area and then assessed those risk events in terms of both functional and then corporate objectives. Private sector organizations look at threat to value (net worth, revenue, etc.). Public sector firms usually have non-financial objectives. Since measures of success are different, ERM models should be different.

Download article [pdf]

Paulson Calls Housing Crisis the “Most Significant Risk” to Economy

According to The Wall Street Journal article dated October 17, 2007 (Page A5), U.S. Treasury Secretary Henry Paulson claims the decline and related problems in credit and mortgage markets were “the most significant current risk to our economy.” His speech is being viewed as significant because his comments reflect the continuing pressure that is causing turbulence in the financial markets. Mr. Paulson believes the mortgage market problems will continue to persist.

Read the full text of his speech

Political Risks

“Assessing Political Risk,” by Richard Chambers, CIA, CCSA, CGAP and Rachel Jacobs.  Internal Auditor, August 2007, pp. 58-64.

Topical Area:  Global Trends; Residual Risk; Foreign Corrupt Practices Act; CAEs

Main Theme:  Internal Auditor recently published an article titled, Assessing Political Risks, that discusses the role of chief audit executives (CAEs) as they face challenges such as unstable global markets.  The article brings to light the importance of understanding the Foreign Corrupt Practices Act and the unavoidable risks associated with doing business abroad.

Summary of article [pdf]

Looking to the Future with ERM

“ERM:  The Future of Risk Management,” by Bill Coffin.  The Wall Street Journal, June 5, 2007, New York.

Topical Area: Holistic Crusade; RIMS Risk Maturity Model

Main Theme:  The article focuses on the increasing number of disasters we have faced in recent years and the use of enterprise risk management (ERM) to prepare businesses for such problems.  Because of ERM’s holistic approach, every operation of a business is involved with managing risks together on a daily basis.  This holistic crusade for risk management is the key to success and the means for businesses to thrive long into the future. 

Summary of article [pdf]

Managing Risks and the Strategic Advantages

“The Strategic Advantages of Managing Risks,” by Russ Banham.  The Wall Street Journal, June 5, 2007, New York.

Topical Area: Holistic Methodology or ERM; Governance, Risk, and Compliance Software (GRC)

Main Theme:  The article focuses on the importance of diagnostic tools used in managing risks and the need for a holistic methodology such as ERM for providing businesses with a strategic advantage.  Companies can benefit immensely from software designed to integrate their compliance and governance activities with ERM.

Summary of article [pdf]

Risk Manager Trepidation

“What Keeps Risk Managers Awake at Night,” by Russ Banham.  The Wall Street Journal, June 5, 2007, New York.

Topical Area: Catastrophic Risk; Human Risk Factor

Main Theme:  Even though some risks may involve unpredictable natural disasters, managers need to implement plans to reduce the impact such events would have on their business.  Risk managers should implement and maintain successful enterprise risk management plans to give them confidence in the management of unpredictable risks.

Summary of article [pdf]

Governance, Risk Management, and Compliance

One for Three by Scott Leibs, CFO Magazine, September 2007.

Topical Area: GRC, Overlapping Efforts, IT Budgets, Integrating Activities

Main Theme: The article titled One for Three provides an interesting perspective for companies using automation for their governance, risk management, and compliance concerns. Governance, risk management, and compliance (GRC) software has quickly advanced as various industries try to home in on the best way to manage risks, while at the same time addressing compliance and regulatory issues. Many companies spend a little over 8% of their information technology budget on compliance requirements. Disturbingly, some companies using GRC software admit they are not completely aware of what GRC involves and the full capabilities of the software.

Download the document

Risk Language

“The Language of Risk,” by Donald Espersen, Internal Auditor, June 2007, pp. 69-73.

Topical Area:  Risk Culture; Risk Terminology

Main Theme:  Internal Auditor recently published an article titled, The Language of Risk, which stresses the need for a clear risk language throughout all organizations.  By using a common language, different levels of a business can communicate more effectively.  Without a common risk language, lots of time can be wasted in clarifying risk issues that are miscommunicated. 

Summary of article [pdf]

CROs Challenged by IT Risks

“Digital risk:  The challenge for the CRO,” An Economist Intelligence Unit white paper, 2005, New York.

Topical Area: Mobile Workforces; Reputation Risks; Outsourcing

Main Theme:  The white paper focuses on the increasing dependency companies have on IT processes and the new challenges placed on CROs.  Senior executives at various industries were asked to provide insight on digital risks and the role CROs play in tackling such risks.

Summary of article [pdf]

Functioning Jointly: ERM and Balanced Scorecards

Working Hand in Hand:  Balanced Scorecards and Enterprise Risk Management by Mark Beasley, Al Chen, Karen Nunez, Lorraine Wright, Strategic Finance.  March 2006.

Topical Area:  ERM and Balanced Scorecard Framework; ERM Accountability; ERM Performance Incentives

Main Theme:  The article titled Working Hand in Hand:  Balanced Scorecards and Enterprise Risk Management brings together the benefits and rationale for looking at ERM and balanced scorecards jointly.  Not only can balanced scorecards aid a company’s risk management program, but ERM can reinforce the effectiveness of the balanced scorecard.  Thus, the two together blend risk management processes with the evaluation of risk management from a strategic perspective. Since both ERM and balanced scorecards share common goals such as a holistic perspective, consistency, and interrelationships, it is in a company’s best judgment to integrate the two.

Download document

Selecting Risk Consultants

Risk of Piling ERM on the Audit Committee by Jabulani Leffall, Compliance Week, June 19, 2007.

Topical Area:  Audit Committee as Risk Overseer; Rating Agencies; Risk Matrix

Main Theme:  The recently published article by Jabulani Leffall titled, Risk of Piling ERM on the Audit Committee, provides insight on the expectations placed on some audit committees to address a company’s entire risk matrix.  This article explores those expectations and addresses the question of when it is beneficial for a company to subdivide a committee that manages such a wide-reaching range of risks.

Summary of article [pdf]

ERM Progress

“Moving Forward with ERM,” by Sean De La Rosa, Internal Auditor, June 2007, pp. 50-54.

Topical Area:  CROs Key Duties; ERM Road Map; Portfolio Perspective

Main Theme:  Internal Auditor  recently published an article titled, Moving Forward with ERM, that discusses new developments in ERM and the important role CROs play in managing risk. The article highlights the importance of teamwork on enterprise-wide evaluations of risks to meet the growing demands now being placed on CROs and internal auditors.

Summary of article [pdf]

Survey by KPMG – ERM in the US

Enterprise Risk Management in the United States:  A 2006 Report Card, KPMG, 2007.

Topical Area:  Factors Driving ERM; Understanding and Implementing ERM; Risk Management Ownership; Assessing Benefits of ERM

Main Theme:  The survey published by KPMG titled, Enterprise Risk Management in the United States, reflects the senior executive perspectives about risk management practices and the on-going efforts to successfully implement and monitor ERM processes.  The report provides feedback from leaders of US companies in diverse industries such as aerospace, transportation, financial services, healthcare, and manufacturing.  The main points captured in the survey include factors driving ERM efforts, risk assessment processes, risk responsibilities, benefits expected from ERM, and improvements for success.

Summary of survey [pdf]

Assessing Risks Before Outsourcing

“Outsourcing? At Your Own Risk,” by Mark S. Beasley, Marianne Bradford, and Don Pagach, Strategic Finance, July 2004, pp. 23-29.

Topical Area:  Managing Outsourcing Risk; Reasons for Outsourcing; Federal Outsourcing Legislation.

Main Theme:  Strategic Finance published an article titled, “Outsourcing? At Your Own Risk,” providing statistics supporting an increase in the outsourcing of various business functions and the potential risks facing the enterprise.  Businesses can make detrimental mistakes when they base outsourcing decisions on costs alone and overlook the other risks that outsourcing creates.  Outsourcing decisions can affect risks related to several aspects of an enterprise, including market, operations, finance, human capital, IT, legal, and reputation risks.  Taking an enterprise-wide view of risks is essential when dealing with outsourcing risks that can threaten stakeholder value.

Download document [pdf]

ERM: Frameworks, Elements, and Integration

Enterprise Risk Management:  Frameworks, Elements, and Integration, Institute of Management Accountants, 2006.

Topical Area:  ERM Frameworks; Integrated and Holistic Perspective; Total Risk Classification; Unknown Risks Finally Become Known Risks; Risk Tolerance; Root Causes of Risks, Business Continuity.

Main Theme:  The Institute of Management Accountants (IMA) has issued a new document that emphasizes the importance of understanding and managing risks in today’s complex business environment.  Topics covered in the document to assist businesses in their ERM program include summaries of numerous ERM frameworks, foundational elements for ERM, risk tolerance, and business continuity. In conclusion, IMA offers a list titled, “Hallmarks of Best-Practice ERM” as a helpful guide to consolidate current practices that have proven to be effective.

Download document [pdf]

ERM Strategy: Create and Safeguard Stakeholder Value

“Strategic Risk Management:  Creating and Protecting Value,” by Mark S. Beasley and Mark L. Frigo, Strategic Finance, May 2007, pp. 25-31, 53.

Topical Area:  Strategic Business Risk, Return Driven Strategy Framework – 11 Core Tenets, Strategic Orientation Replaces Compliance Orientation.

Main Theme:  The May 2007 issue of Strategic Finance cover story article, “Strategic Risk Management:  Creating and Protecting Value,” illustrates the importance of integrating an enterprise-wide view of risks into all aspects of effective strategic planning.  The article emphasizes the benefits of embracing an enterprise risk management (ERM) perspective when evaluating various strategic alternatives so that stakeholder value is protected, and more value is created.  By moving risk management away from the “silo approach,” ERM users strive to balance all risks within their risk appetite while looking at risks interactively.  The article explores how risks affect multiple aspects of strategic planning, by illustrating risks along The Return Driven strategy framework. Boards of directors seek more effective management of strategic risks.  This article argues for senior management to manage enterprise-wide risks in conjunction with strategic planning.

Download document [pdf]

Tools and Techniques for ERM Execution

Enterprise Risk Management:  Tools and Techniques for Effective Implementation, Institute of Management Accountants, 2007.

Topical Area:  ERM Tools & Templates; Risk ID Techniques; SWOT Analysis; Scenario Analysis; Brainstorming.

Main Theme:  The Institute of Management Accountants has issued a new document that summarizes tools and techniques used by businesses that have effectively implemented an ERM program.  After identifying risks, businesses should focus on risk drivers and utilize the vast number of tools currently available for managing risks.  Also, the importance of an enterprise-wide approach should be considered when organizations become trapped into managing risks reactively or by use of the silo method.  This document contains numerous practical tools and templates that can be adapted for a variety of organizational settings.

Download document [pdf]

Deloitte’s Risk Management Survey

Global Risk Management Survey:  Accelerating Risk Management Practices, Deloitte, 2007.

Topical Area:  Risk Management Progress & Downfalls; Non-traditional Risks; Holistic Approach to ERM; Benchmarking Data.

Main Theme:  Deloitte recently published a fifth risk management survey titled, Global Risk Management Survey:  Accelerating Risk Management Practices, that provides feedback from 130 global financial institutions about the status of ERM implementations.  Even though much progress is shown in risk management practices, there is still the need for businesses to fully implement an integrated, enterprise-wide program for success.  Some areas of concern include the management of less traditional risks such as operational and geopolitical risks. The clear indication of value enhancement for companies that fully utilize enterprise risk management (ERM) has been slow to motivate approximately one-third of the businesses that still do not have an ERM program in place. 

Download the survey [pdf]

NIST Risk Mitigation Toolkit

Risk Mitigation Toolkit, The National Institute of Standards and Technology, 2007.

Topical Area: Risk Mitigation Plan--Constructed Facilities; Economic Evaluation Methods; Risk Assessment

Main Theme: The National Institute of Standards and Technology (NIST) has issued a risk mitigation toolkit to help risk management leaders identify the most important hazards threatening buildings and other constructions and take action to reduce or eliminate their potential impact. The toolkit is tied to NIST’s “Guide to Printed and Electronic Resources for Developing a Cost-Effective Risk Mitigation Plan for New and Existing Constructed Facilities” (NIST 7390). These resources can help building managers and owners with useful disaster mitigation data and tools.

Download a copy of the toolkit and guide

Integrating SOX and ERM – Truths and Myths

“Myth vs. Reality:  Sarbanes Oxley and ERM,” Internal Auditor, April 2007, Florida.

Topical Area: Integration of SOX and ERM; Risk-based Approach to SOX Section 404.

Main Theme:  For most organizations, the efforts being made to meet compliance regulations are not tied to current ERM processes.  Procedures should be put in place to integrate compliance functionality into existing risk management plans.

Summary of article [pdf]

ERM – Benefits for Strategic Planning

“Coming of Age:  As Enterprise Risk Management Matures, So Does Its Value in Strategic Planning,” by Prakash Shimpi, The Quarterly Journal of the EDS Agility Alliance, Vol. 1, Issue 3, pp. 16-23.

Topical Area:  Risk-Capital-Value Concept; Strategic Planning

Main Theme:  The Quarterly Journal of the EDS Agility Alliance recently published an article titled, Coming of Age:  As Enterprise Risk Management Matures, So Does Its Value in Strategic Planning, to emphasize the rewards of ERM.  Even though some senior managers still lack the broad perspective needed to deal with risk management issues, new tools have emerged and ERM has rapidly gained momentum.  The Risk-Capital-Value Framework is an example of a concept developed to help businesses manage risks.

Summary of article [pdf]

Selecting Risk Consultants

Identifying and Selecting the Right Risk Consultant, Forrester, February 16, 2007.

Topical Area:  Risk and Service Specialties; Various Types of Risk such as Financial, Operational, Legal, Geopolitical, and IT

Main Theme:  Forrester’s recently published article by Michael Rasmussen titled, Identifying and Selecting the Right Risk Consultant, provides insight for making crucial decisions regarding selection of risk consultants.  Just as the service needs of a company may vary, risk consultants provide service specialties that can be drastically different.

Summary of article [pdf]

Managing the Unexpected

“Unwelcome Surprises,” by Al Decker, The Quarterly Journal of the EDS Agility Alliance, Vol. 1, Issue 3, pp. 11-15.

Topical Area:  Cross-functional Risk Planning; Effective Communication of Potential Risk and Strategies to Counteract Negative Effects

Main Theme:  The Quarterly Journal of the EDS Agility Alliance recently published an article titled, Unwelcome Surprises, that discusses the dangers that can evolve from having a decentralized business structure that does not promptly alert upper management of potential dangers.  Not knowing the outcome of future events makes the management of risks seem impossible.  However, the use of risk management tools can provide the knowledge needed to empower management to seemingly do the impossible.  Risk management tools can help greatly minimize the potential negative effects of some business risks.

Summary of article [pdf]

ERM Business Drivers

Business Drivers for Enterprise Risk Management, Forrester, February 1, 2007.

Topical Area:  Successful Implementation of ERM; Open Compliance and Ethics Group; Professional Risk Managers’ International Association

Main Theme:  Forrester recently published an article by Michael Rasmussen titled, Business Drivers for Enterprise Risk Management, detailing why companies struggle with implementing and managing a successful enterprise risk management (ERM) program.  Groups such as the Open Compliance and Ethics Group and the Professional Risk Managers’ International Association have been established to provide help. 

Summary of article [pdf]

Informatica’s Solution for Data Quality

Data Quality, Compliance, and Risk for Financial Institutions, Informatica, November 2006.

Topical Area:  Basel II; Data Quality Benefits

Main Theme:  Informatica released a white paper in November 2006 to summarize data quality problems faced by financial institutions trying to maintain compliance.  Large corporations have an especially hard time integrating different areas of the business to establish clean reports that are useful.  Additionally, the ever-changing nature of the data makes the job of maintaining quality reports more challenging.

Summary of article [pdf]

RIMS ERM Maturity Model

RIMS Risk Maturity Model (RMM) for Enterprise Risk Management, Risk and Insurance Management Society, November 2006, New York.

Topical Area: Enterprise Risk Management Benchmarking; RIMS Risk Maturity Model; ERM Self-Assessment

Main Theme: The Risk and Insurance Management Society (RIMS) has recently introduced its Risk Maturity Model (RMM) to help organizations better utilize Enterprise Risk Management. The RIMS Risk Maturity Model can be used by chief risk officers and other risk practitioners as a resource to aid in planning, implementing, and benchmarking Enterprise Risk Management practices within their organizations.

Summary of article [pdf]

Managing Reputation Risk

“Reputation and Its Risks,” by Robert G. Eccles, Scott C. Newquist, and Roland Schatz, Harvard Business Review, February 2007, pp. 104-114.

Topical Area: Reputation Risk; Expanding Enterprise Risk Management Scope; Reputational Risk Framework; Determinants of Reputational Risk; 5 Steps for Managing Reputational Risk

Main Theme: Reputation is very important to most organizations, yet many companies do a poor job of managing risks to their reputation. Too often, companies focus their energy on addressing threats to their reputation that have already surfaced instead of proactively searching for potential reputation risks on the horizon.

Summary of article [pdf]

For Audit Committees at Consumer Products Companies, ERM Means 'Protect the Brand'

KPMG's John Farrell, U.S. lead partner for Enterprise Risk Management, spoke to Audit Committee Insights about ERM, particularly as it relates to audit committees and the consumer products sector.
Read article

Insurers Discover ERM Isn't Just for Banks Anymore

Insurance executives say that ERM plans are affecting the business they underwrite, the markets they enter and the structure of their balance sheets.
Read article

Conference Board Releases Research Report About Boards and ERM

The Role of the U.S. Corporate Board of Directors in Enterprise Risk Management, Report # 1390, The Conference Board

The Conference Board issued a July 2006 research report, “The Role of U.S. Corporate Boards in Enterprise Risk Management,” that provides insights about board of director perspectives on their role in overseeing enterprise risk management processes at organizations where they serve.  Mark Beasley, NC State’s ERM Initiative Director, served as a member of the Advisory Board for the Project.

Based on a research approach that involved personal interviews with 30 board members, analysis of Fortune 100 board committee charters, and a broad survey of 127 board members, the report finds that while ERM processes have improved in some companies, directors serving on multiple boards reported significant variations in the quality of risk dialogue and fewer boards seem to have well-established risk processes.  Only 54% have clearly defined risk tolerances and only 47.6% of the boards rank key risks.  Almost 50% of the directors would like to see more data analysis related to the company’s risk profile.

Read a summary of the Conference Board’s report [MS Word]

The 2006 Oversight Systems Financial Executive Report on Risk Management

"The market may reward companies who take strategic risks, but many executives are discovering the consequences of overlooking their day-to-day operational risks. As companies place a greater emphasis on managing their operational risk, Oversight Systems surveyed financial executives to gauge corporate America’s progress in implementing enterprise risk management."

Read more and download full report

COSO ERM Framework

COSO’s Enterprise Risk Management – Integrated Framework, Committee of Sponsoring Organizations of the Treadway Commission (COSO), New York, NY, September 2004 (see www.coso.org)

Topical Areas:  ERM Frameworks; COSO ERM Framework – Core Elements; What is ERM; Key Components to ERM

Main Theme:  This abstract provides a brief overview of COSO’s Enterprise Risk Management – Integrated Framework issued in September 2004. 

Summary of article [pdf]

Expanding ERM to Embrace Strategic Risks

Slywotzky, Adrian and John Drzik.  2005. Countering the Biggest Risk of All.  Harvard Business Review (April):  78-88.

Topical Areas:  Expanding ERM: Embracing Strategic Risks; Countering Strategic Risks Using Risk Management Techniques; Identifying Strategic Risks; Seven Categories of Strategic Risks

Main Theme:  Firms are insured against the usual risks but they are not protected against strategic risks. By using enterprise risk management techniques to identify strategic risks, firms can use countermeasures for anticipating and managing these threats systematically and turn some of them into growth opportunities.

Summary of article [pdf]

Integrating Compliance and Ethics in Risk Assessment Agenda

Kaufman, Christy, “A Strategy for Incorporating Risk Assessment in the Compliance and Ethics Agenda – Evolution of the Risk Assessment Process as a Compliance and Ethics Tool,” Aon Corporation, Chicago, IL, (February 2006).

Topical Areas: Senior Managers Evolving Role; Preventive Maintenance in Risk Management; Risk Assessment Processes; Risk Identification:  Who is Responsible?

Main Theme: This abstract provides a brief overview of A Strategy for Incorporating Risk Assessment in the Compliance and Ethics Agenda – Evolution of the Risk Assessment Process as a Compliance and Ethics Tool issued in February 2006.

Summary of article [pdf]

Risk Management Quantification

Bohn, Christopher and Brian Kemp, “Enterprise Risk Management Quantification – An Opportunity,” Aon Corporation, Chicago, IL, (February 2006).

Topical Areas: Quantitative vs. Qualitative Analysis of Risks

Main Theme: This abstract provides a brief overview of Aon’s Risk Management Quantification  issued in February 2006.

Summary of article [pdf]

Internal Audit’s Role:  Fraud and Reputation Risks

“The Emerging Role of Internal Audit in Mitigating Fraud and Reputation Risks,” issued by PricewaterhouseCoopers, New York, NY, (2004).

Topical Areas:  Proactive Prevention; COSO Framework; Risk for Internal Auditors

Main Theme: This abstract provides a brief overview of The Emerging Role of Internal Audit in Mitigating Fraud and Reputation Risks.

Summary of article [pdf]

ERM Guide:  Frequently Asked Questions

Guide to Enterprise Risk Management – Frequently Asked Questions, issued by Protiviti Consulting, Los Angeles, CA, (January 2006).

Topical Areas:   ERM Fundamentals; Implementation of ERM; COSO Framework

Main Theme: This abstract provides a brief overview of “Guide to Enterprise Risk Management – Frequently Asked Questions.”

Summary of article [pdf]

Evolution of ERM

Teuten, Peter, “Enterprise Risk Management: Its Evolution And Where It Stands Today,” The John Liner Review, Fall 2005, Vol. 19, No. 3, pp. 7 – 19.

Topical Areas:  Evolution of ERM; ERM Trends and Status

Main Theme:  Business professionals have varied personal definitions of enterprise risk management (ERM) based on their limited exposure to the new idea and their specific encounters with its effects given their roles within their companies.  However, in order to better understand risk management, and especially ERM, risk itself must be understood with greater uniformity than it has been in the past.  Misconceptions have kept business professionals from understanding risk as measurable in both negative and positive outcomes, as existing even without the occurrence of an event, and as affecting businesses in many areas, not just in the consideration of insurance.

Summary of article [pdf]

Emergence of Chief Risk Officers

Lam, James C. and Brian M. Kawamoto, “Emergence of the Chief Risk Officer,” Risk Management, September 1997, pp. 30-35. 

Topical Areas:  Chief Risk Officers:  Managing and Monitoring Enterprise Risk; Creating Risk Committees; Emergence of CRO; Driving Forces behind ERM

Main Theme:  Many multinational organizations are implementing comprehensive risk management programs.  This shift in management is being driven by several different forces.  Comprehensive risk management programs aim to identify the plethora of risks faced by an organization and provide methods for mitigation.  These risk management programs have led to the emergence of the chief risk officer, who is key to managing and monitoring enterprise risk.

Summary of article [pdf]

Driving Need for ERM

Barton, Thomas L., William G. Shenkir, Paul L. Walker, “Managing Risk: An Enterprise-wide Approach,” Financial Executive, March/April 2001, pp.48-51.

Topical Areas: Managing Risks Enterprise-Wide; Expectations for Executives

Main Theme: Many environmental forces—such as globalization, technology, the Internet, and deregulation—have created uncertainty for twenty-first century businesses. Companies are therefore having to re-think business models, core strategies and customer bases. As a result, new issues related to risk and risk management have also evolved. Now, more than ever, executives are confronted with calls for managing risk on an enterprise-wide basis. The idea of risk management is one that has become strategic, rather than defensive, as companies try to mesh risk management with business management.

Summary of article [pdf]

Risk Gaps - Demand for ERM

Krell, Eric. Identify Your Company’s Riskiest Link. Driving Performance: Optimal Finance. Internet World. 1 May 2003. Internet World Media.  19 May 2003.

Topical Areas: Closing Risk Gaps through Enterprise Risk Management

Main Theme: Enterprise Risk Management programs can help close the huge gap in communication among executives and business unit leaders.  Senior management and the board of directors’ involvement with risk assessment plays an important role in making an ERM framework effective.  Involving all of the business units in risk assessment helps to eliminate the “silo effect,” whereby each business unit manages its risks in isolation.  Developing an ERM framework that suits the company will help make it successful.

Summary of article [pdf]

ERM – UnitedHealth Group

“Enterprise Risk Management at UnitedHealth Group,” by Patrick J. Stroh, CMA, PMP, Strategic Finance, July 2005.

Topical Areas:  ERM’s Goal to Provide Value; Confidence for Managers; Elimination of Avoidable Surprises

Main Theme: This abstract provides a brief overview of Enterprise Risk Management at UnitedHealth Group.

Summary of article [pdf]

Strategy-Risk Focused Organization

“Enterprise Risk Management and the Strategy-Risk-Focused Organization,” by William G. Shenkir and Paul L. Walker, Cost Management, May 2006.

Topical Areas: COSO’s ERM Model; Internal Environment; Monitoring

Main Theme: This abstract provides a brief overview of Enterprise Risk Management and the Strategy-Risk-Focused Organization.

Summary of article [pdf]

Role of the Chief Risk Officer

“The Evolving Role of the CRO,” A report from the Economist Intelligence Unit, ACE Insurance, Cisco Systems, Deutsche Bank and IBM, 2006.

Topical Areas: Rising Number of CROs; Information Technology; Global Risks

Main Theme: This abstract provides a brief overview of The Evolving Role of the CRO.

Summary of article [pdf]

Benefits of Managed Risks

“Running with Risk:  It’s Good to Take Risk—If You Manage Them Well,” by Kevin S. Buehler and Gunnar Pritsch, McKinsey Quarterly, 2003.

Topical Areas: Successful Risk Management; Heat Map Tool; Board of Director Involvement

Main Theme: This abstract provides a brief overview of Running with Risk:  It’s Good to Take Risk—If You Manage Them Well.

Summary of article [pdf]

ERM:  Building on Section 404

“ERM Under Construction:  Building on Section 404,” by Paul J. Sobel, Internal Auditor, April 2006.

Topical Areas: ERM Components; Moral Values; Risk Appetite; Risk Identification

Main Theme: This abstract provides a brief overview of ERM Under Construction:  Building on Section 404.

Summary of article [pdf]

ERM and Information Technology

“Is IT Next for ERM?” by Sridhar Ramamoorti and Marcia Weidenmier, Internal Auditor, April 2006.

Topical Areas: Technology Impact on ERM; E-commerce

Main Theme: This abstract provides a brief overview of Is IT Next for ERM?

Summary of article [pdf]

Internal Auditing and ERM

“Internal Auditing’s Role in ERM,” by Audrey Grambling and Patricia Myers, Internal Auditor, April 2006.

Topical Areas: Internal Auditors’ Responsibilities; Management’s Role; Communication of Responsibilities

Main Theme: This abstract provides a brief overview of Internal Auditing’s Role in ERM.

Summary of article [pdf]

Developing a Corporate Focus to Risk Management

Barrese, James and Nicos Scordis “Corporate Risk Management”, Review of Business, Fall 2003, The Peter J. Tobin College of Business, St. John’s University.

Topical Areas:  Corporate risk management programs; Risk Management Processes; Risk Responses; Best Practices for Risk Management

Main Theme:  The view of risk management is evolving.  The question today is whether corporate risk management should be handled on an individual level or through a company-wide initiative, otherwise known as enterprise risk management.    

Summary of article [pdf]

ERM Infrastructure and Risk Intelligent Systems

Funston, Rick.  2003.  Creating a Risk-intelligent Organization.  Internal Auditor (April):  59-63.

Topical Areas:  Risk Transparency; Risk Intelligent Systems; Building a Risk Infrastructure

Main Theme:  Enterprise risk management (ERM) is the key to resolving some of the demands for more corporate transparency from investors.  ERM is a process that changes how an organization identifies risks and manages those risks continuously.  It helps to develop the steps and allocate resources to mitigate the organization’s risks and provides reasonable assurance about the organization’s ability to achieve its objectives.

Summary of Article [pdf]

ERM and Business Continuity

McCrackan, Andrew.  Is Business Continuity a Subset of Risk Management?  Continuity Central. 25 February 2005.  Portal Publishing Ltd.  11 March 2005.

Topical Areas:  Business Continuity Relationship to ERM

Main Theme: There is a huge debate over the roles and positioning of risk management and business continuity management within organizations.  Some argue one function should be subordinate to the other.  The key, however, is that the organization must determine the functional scopes of each function and communicate the appropriate relationship of the two tasks.  Each organization needs to decide the appropriate mixture of these two functions.

Summary of article [pdf]

Using Technology to Support ERM:  A Case Study

Stone, David L. and Dean L. Marotta, “Leveraging Risk Technology”, Computers & Auditing, Internal Auditor, December 2003.

Topical Areas:  IT Risk Management Systems; Example from Zions Bancorporation

Main Theme:  Companies face added complexity in the overall risks that threaten an enterprise.  Management needs a risk management program that is complete and proactive toward risk.  This article highlights steps that Zions Bancorporation took to develop an application to facilitate risk management.

Summary of article [pdf]

Survey Data: ERM Trends

Managing Risk: An Assessment of CEO Preparedness, 7th Annual Global CEO Survey, PricewaterhouseCoopers, LLP, 2004.

Topical Areas:  CEO Survey About ERM

Main Theme:  This study provides data obtained from surveys of nearly 1400 chief executive officers (CEOs) about risk trends and related expectations for effective ERM practices.  With CEOs noting that they are more aggressive risk takers than in the past, many note that they believe enterprise