Record Detail Back
Enterprise Risk Management: A Practical Plan to Get Going Now
- Share to:
Section 404 of the Sarbanes-Oxley Act proved to be an arduous process
for many public companies, yet these requirements cover only a slice of
the total risks facing businesses. A much wider range of factors − including
strategic, operations, and compliance risks − lies outside of the financial
reporting and internal controls areas of Section 404. Any of the wide
spectrum of business risks can also damage a company’s reputation,
result in significant liability, and lead to substantial loss of business value,
if not a company’s demise.
Boards of directors have become increasingly aware of the need to manage
the wider range of risks across the enterprise. They are looking for ways to
meet their fiduciary responsibilities, manage their own personal liability, and
improve the business. They are asking about and, in some cases, pushing
strongly for a more coordinated and comprehensive process of managing
risks − enterprise risk management (ERM), in other words.
Business leaders, however, are frequently at a loss on how to get started
or how to make meaningful progress. They may question how ERM
differs from the way they currently manage the business. A “Core ERM
Project” is a practical way to take advantage of what is currently being
done in the organization and move forward while managing costs out
of the starting blocks.
The starting point is to identify the effectiveness of risk-related activities
the organization has already put into place. Gaps are then identified and
prioritized, thereby making significant progress on the journey to a more
integrated, efficient, and value-driven approach to risk management.