Focus on ERM
The COSO* "Enterprise Risk Management-Integrated Framework" published in 2004 defines ERM as a "…process, effected by an entity's board of directors, management, and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives." ERM has recently begun to receive more attention from Boards and regulators because of the changing environment over the past decade, including the Enron and WorldCom scandals in the early 2000s, which led to the development of the Sarbanes-Oxley (SOX) Act, and the recent banking financial crisis of the late 2000s and recession of 2008/2009.
Regulators and financial analysts are now focusing more on how companies manage risk, as follows:
- Section 404 of SOX required public companies to assess their internal controls using an acceptable control framework. Most companies chose the COSO Internal Control Framework, which includes as one of its components: Risk Assessment.
- The New York Stock Exchange requires the Audit Committees of its listed companies to "discuss policies with respect to risk assessment and risk management."
- Standard & Poor's (S&P), the credit rating and equity research company, announced its plans to include a series of questions about risk management in its company evaluation process. This started with financial companies in 2007. The results of this inquiry are one of the many factors considered in debt rating, which has a corresponding impact on the interest rates lenders charge companies for loans or bonds. On May 7, 2008, S&P also announced that it would begin including an ERM assessment in its ratings for non-financial companies starting in 2009.
- The SEC proposed a rule on July 10, which was finalized on December 16, 2009, as Rule 33-9089. It requires Boards to disclose their role in the company’s risk management process in proxy and information statements, annual reports and registration statements.
- COSO released a new thought paper, "Effective Enterprise Risk Oversight: The Role of the Board of Directors," in August 2009.
- The AICPA Audit Committee Effectiveness Center published an article on the effectiveness of Enterprise Risk Management in September 2009.
SC ERM Services
Sanders Consulting takes a structured approach to ERM, following the COSO guidelines for the eight ERM components:

Contact us about ERM services