Using the Ernst &Young Risk Management Checklist and the “Implementing Enterprise Risk Management” article provided by the instructor, prepare a checklist to evaluate a company’s enterprise risk management program. Then, using the Form 10K report, proxy statement, and governance information (from company website), prepare a critical assessment of the company’s risk management program. This assessment should clearly identify the program’s strengths and weaknesses. (Please see the table and additional explanation below).
What are the most important things that you learned from the study of this week’s readings and assignments? Remember to always include appropriate references.
INFORMATION FOR QUESTION 1:
Ernst and Young. The Risk Management Checklist.
Do you have a formal risk management framework?
Have you clearly defined your risk appetite?
Do you perform an annual enterprise-wide risk assessment?
Are processes in place so that risk management is aligned to corporate strategies?
Have you evaluated the advantages and disadvantages of outsourcing or co-sourcing the functions needed to support the risk management plan?
Do your risk and compliance functions throughout the organization work together?
Do your risk functions focus on the most important risks?
Do your risk functions improve your business performance?
Does your internal audit department have a clear mandate that addresses strategic, operational, financial and compliance risk?
Have you established clear governance over risk and risk management?
Have you defined board committees with a focus on specific risk areas and considered the appropriateness of a risk committee?
Do you clearly articulate your risk assessment and risk management processes to the public markets?
Walker, Paul L. and Shenkir, William G., Implementing Enterprise Risk Management. Journal of Accountancy (March 1, 2008). Available at: http://www.journalofaccountancy.com/issues/2008/mar/implementingenterpriseriskmanagement.html
Managing risk is imperative for successful leadership in today’s business world. Leaders must develop processes like enterprise risk management (ERM) to improve their ability to manage risks effectively. ERM cuts across an organization’s silos to identify and manage a spectrum of risks. Consider these ERM action items:
Resolve to proactively manage risks, rather than react to them. Implementing ERM takes total commitment by management, as well as recognition by the board of its responsibility.
Clarify the organization’s risk philosophy. As discussed in the COSO ERM framework (Enterprise Risk Management—Integrated Framework), organizations need to know their risk capacity in terms of people capability and capital. The board and management must come to an understanding, factoring in the risk appetite of all significant stakeholders.
Develop a strategy. Since risk relates to the events or actions that jeopardize achieving the organization’s objectives, effective risk management depends on an understanding of the organization’s strategy and goals. One of the benefits of ERM implementation is the revelation that those responsible for achieving the objectives have varying degrees of understanding about them. ERM helps get everyone on the same page.
Think broadly and examine carefully events that may affect the organization’s objectives. This involves taking your business and industry apart. Pore over your strategy, its key components and related objectives. Use a variety of identification techniques such as brainstorming, interviews, self-assessment, facilitated workshops, questionnaires and scenario analyses. In selecting among these techniques, consider how rigorously each business unit can implement them, and if openness among the participants would result. Analyze how both external and internal events can change the organization’s risk landscape. This initial effort does not have to take months to accomplish. Start with a top down approach. Begin to identify risks through workshops or interviews with executive management and by focusing on strategies and related business objectives
Assess risks. Initially, try to reach a consensus on the impact and likelihood of each risk. Placing risks on a risk map can be a valuable focal point for further discussion. As the risk assessment process matures, consider applying more sophisticated risk measurement tools and techniques.
Develop action plans and assign responsibilities. Every risk must have an owner somewhere in the organization. Manage the biggest risks first and gain some early wins
Maintain the flexibility to respond to new or unanticipated risks. Put a business continuity and crisis management plan into place. If your organization is in a volatile environment, you should anticipate even more unknowns.
Use metrics to monitor the effectiveness of the risk management process where possible.
Communicate the risks identified as critical. Circulate risk information throughout the organization. The board of directors and audit committee should be given regular reports on the key risks facing the organization. It is not acceptable to identify important risks and never communicate them to the appropriate people.
Embed ERM into the culture. Integrate the knowledge of risks in your internal audit planning, balanced scorecards, budgets and performance management system. Leverage your organization’s compliance with SOX section 404 to benefit ERM implementation. The focus by PCAOB Auditing Standard no. 5 and the SEC’s new management guidance on “top down” risks provides an opportunity to leverage compliance to enhance shareholder value through ERM.
Delivering a high-quality product at a reasonable price is not enough anymore.
That’s why we have developed 5 beneficial guarantees that will make your experience with our service enjoyable, easy, and safe.
You have to be 100% sure of the quality of your product to give a money-back guarantee. This describes us perfectly. Make sure that this guarantee is totally transparent.Read more
Each paper is composed from scratch, according to your instructions. It is then checked by our plagiarism-detection software. There is no gap where plagiarism could squeeze in.Read more
Thanks to our free revisions, there is no way for you to be unsatisfied. We will work on your paper until you are completely happy with the result.Read more
Your email is safe, as we store it according to international data protection rules. Your bank details are secure, as we use only reliable payment systems.Read more
By sending us your money, you buy the service we provide. Check out our terms and conditions if you prefer business talks to be laid out in official language.Read more