Getting on Program

With a global financial crisis gripping the world economy, it's no wonder that more executives than ever are focusing on how well they control risk in their organization. After all, if disaster can happen to the largest of players, it's only natural for everyone to be asking, "What about me?"

It's no secret that many publicly listed, closely-held, and even not-for-profit organizations have begun to embrace enterprise risk management (ERM) as a corporate imperative. Corporate boards have reassessed their role in today's legal and economic environment and are beginning to exert pressure on the C-suite (the CFO in particular) to understand and analyze enterprise risk as a necessity to help achieve corporate objectives. Further, analysts are beginning to question CFOs and CEOs during earnings calls about how the company is addressing risk from an enterprise basis. And, with Standard & Poor's and Moody's coming under fire for less-than-rigorous evaluations of risk to corporate ratings, ERM will likely stay at the forefront of leadership attention.

The confluence of the various external pressures on organizations to manage risk, coupled with regulation on both the federal and local levels, has resulted in the marriage of good corporate governance and risk management. As boards and executive management teams identify governance issues to be managed, a spotlight has been cast on the risks and underlying business processes and the relevant controls in place.

When it comes to publicly traded companies, few would argue that the primary goal is to create value for the shareholders. Shareholder value is created, preserved, or eroded by management decisions throughout the organization. Individual decisions -- each with its own value and purpose -- may result in the unintended consequence of heightened risk when taken in the aggregate. An effective enterprise risk program provides the foundation for the organization to deal effectively with potential future events that create uncertainty. As a result, organizations are better enabled to respond in a manner that reduces the likelihood of downside outcomes and increases the ability of the organization to seize additional opportunities. The definition of enterprise risk management may be summed as an approach to aligning strategy, processes, and knowledge to minimize surprises and losses while capitalizing on business opportunities.
A mature, effective, risk management program is designed to enhance governance that supports decision-making throughout the organization by:

• Achieving strategic objectives and improving financial performance by managing risks that have the largest potential impact;
• Assessing risk in the aggregate to minimize surprises and reduce earnings fluctuations;
• Fostering better decision-making by establishing a common understanding of accepted risk levels and consistent monitoring of risks across business units; and
• Improving corporate governance with better risk management and reporting processes, thus fulfilling stakeholder responsibilities and compliance with regulatory requirements.