Everybody's talking about enterprise risk management (ERM). But is this just old wine in a new bottle? According to extensive research conducted earlier this year by APQC, no, it's not the same old thing. The recent buzz is not about possible business disruption, sexual harassment charges, pollution liability or even accounting fraud. Rather, more CEOs and CFOS see that a well-designed ERM program is a lever that allows them to compete with confidence. Given the complexity and unpredictability of global markets and geopolitics today, that's a reasonable stance.
It's also no coincidence that large public companies are upgrading their risk management regimes in response to the latest wave of corporate governance reform. Last year, public companies had to respond to new proxy disclosures rules (see SEC Rule 33-9089) that call for disclosure of risk oversight and risk reporting lines, risk assessment by business unit and assessment of the risk associated with compensation plans. Now, the Dodd-Frank Wall Street Reform and Consumer Protection Act is raising the bar by mandating risk committees and risk experts on those committees. Boards of directors, meanwhile, are aware of the growing threat of risk-related lawsuits. Adding urgency to the situation, there are several bills pending in Congress that would impose even stricter risk management requirements on boards of directors, including one provision that requires all publicly traded companies to form a board-level risk committee. "Regardless of whether these bills are passed, it is clear that greater shareholder action pertaining to risk management can be expected. This is huge, and corporations have to deal with it," says Kristina Narvaez, president of ERM Strategies, LLC, a consulting and research firm focused on ERM.