|
Article Excerpt
Return and risk are the two major dimensions of business decisions. While return is a well-identified factor, risk is less understood. This analysis addresses risk management issues within a firm, specifically with respect to litigation because legal costs can range from 3% to 10% of businesses' annual revenues. (1)
Here is how the Committee of Sponsoring Organizations of the Treadway Commission (COSO) described enterprise risk management (ERM) in 2004:
"Enterprise risk management is a process, effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives." (2)
This definition can be broken down into the following elements:
A process: A process is ongoing; it is something that has its own momentum but that must be supported by the decision makers in the firm and (if the process is useful) will become a part of the firm's culture. A process, however, is not merely a series of tasks, nor is it just a project (although it may be tested as a project). ERM can only become useful and successful if it is viewed as a process--a way of doing things--not just as a way to fix a problem (whether as a quick fix or a slow fix).
Effected by an entity's board of directors, management, and other personnel: The people who make the decisions in a firm must be involved in ERM and must actively support the plan. In addition, there must be deep support and involvement from throughout the firm. Just as making a profit is "effected by an entity's board of directors, management and other personnel," so, too, is enterprise risk management.
Applied in strategy setting and across the enterprise: Enterprise risk management is not a tactic--it is a strategy. As a strategy, it will have application throughout the firm and will be one of the key factors that points the firm in whatever direction its overall business planning intends for it to go.
Designed to identify potential events that may affect the entity: A fundamental part of enterprise risk management is an analysis to determine the activities and drivers of activities that affect the firm. Such an analysis is not something one person can be told to complete before next Friday. (One person may indeed have that responsibility, but it will take information from throughout the firm to identify these events.)
Manage risk to be within its risk appetite: To manage risk means to control risk, not to handle it by dancing to the tune played by risk. The whole point of enterprise risk management--the whole justification for its cost in time, money, and other resources--the only reason it has useful value--is to put the firm into the position of actually managing, or controlling, its risk. The risk appetite in any firm (the range of risk it can accept as what it will live with) is never going to be large. Even a firm on the cutting edge would prefer to have as little risk as possible, but some activities will always be risky, and some risk may have to be accepted because its causes are difficult to identify and/or do much about.
To provide reasonable assurance regarding the achievement of entity objectives: This is why a firm wants to control its risk--so it can focus on meeting the goals of its business plan.
ERM, therefore, is a strategic process that must be supported properly throughout the firm and that has the fundamental purpose of giving a firm the ability to control its risk so it can focus on its business.
RISK MANAGEMENT FROM A LEGAL PERSPECTIVE
Lawyers do not necessarily look at the world in the same way as others, including business people. This is also true for risk management. The legal perspective of risk management is often seen as a method for protecting the firm--as a plan for putting out fires. Although there is nothing wrong with protecting the firm, risk management is not really about protection. It is about making changes within the firm that lead to an ability to control risk. The focus on risk management...
|
|
More articles from Management Accounting Quarterly
Linking manufacturing strategy to product cost: toward time-based acco..., September 01, 2007
A risk-based approach to a risk-based approach to identifying the tota..., September 01, 2007
Environmental considerations in product mix decisions using ABC and TO..., September 01, 2007
Accounting theory: missing in action? Little has changed in the 500 ye..., January 01, 2007
Sustaining SOX 404: a project management approach: complying with the ..., January 01, 2007
Looking for additional articles?
Search our database of over 3 million articles.
Looking for more in-depth information on this industry?
Search our complete database of Industry & Market reports by text, subject, publication
name or publication date.
About Goliath
Whether you're looking for sales prospects, competitive information, company
analysis or best practices in managing your organization,
Goliath can help you meet your business needs.
Our extensive business information databases empower business
professionals with both the breadth and depth of credible,
authoritative information they need to support their business
goals. Whether it be strategic planning, sales prospecting,
company research or defining management best practices -
Goliath is your leading source for accurate information.
|
|
