Enterprise Risk Management
Enterprise Risk Management (or “ERM”) is a phrase (and acronym) that has existed for perhaps the past two decades. Yet, the underlying concepts of ERM – including business strategy and risk alignment, mitigation, avoidance, acceptance, sharing and transferring risk – have existed in business for a very long time. So why has ERM become one of the biggest concerns of boards of directors? In a recent nationwide survey by the AICPA of hundreds of CFOs across a variety of business sectors, nearly 70% of the respondents indicated that their organizations were caught off guard “somewhat” to “extensively” by operational surprises over the past five years. According to the same poll, a similar percentage of respondents have indicated their board of directors are asking “somewhat” to “extensively” for increased senior executive involvement in risk oversight. We assist public, private and non-profit institutions in fulfilling their Board’s fiduciary duty related to ERM through several service offerings.
Risk Management Challenges: From COSO ERM to Penn State
Prior to founding The Audit Exchange, John McLaughlin served as a frequent contributor to The Financial Management Network while leading the Risk Advisory practice of BDO. In this segment, John shares his views and experience regarding Enterprise Risk Management and establishing effective programs to identify and monitor risk. Throughout the interview, John shares practical insights and the application of risk factors to avoid governance meltdowns such as Penn State.
ERM Program Initiation and Development – beginning with awareness and establishing a common understanding of risk across the enterprise, we assist management in:
- Clearly articulating high level goals and objectives across the enterprise,
- Allocating capital and other resources effectively and efficiently,
- Communicating transparent and reliable operational and financial data throughout the enterprise, and
- Maintaining compliance with the increasing burden of regulations and laws.
Plainly, ERM directly relates to managing the most complicated problems facing a business. We assist management in enhancing the strategies that address known problems and in pre-emptively identifying unknown issues before they become complicated problems. We utilize a multi-phased approach to create awareness, promote honest self-assessment through probing interviews and surveys across the enterprise, debate existing and needed risk response strategies, and report to the Board in a simple, yet persuasive manner.
Business Risk Assessment – through review of a variety of corporate documents, comparison to industry peers, probing interviews of management, and employee surveys, we facilitate management’s assessment of the enterprise’s risks and the related activities that help to mitigate them, particularly the risks that matter most. We call them the Top 10…or 14 in some cases…and help management and the Board focus on the risks that have the greatest impact on success or failure. Business Risk Assessment is a component of ERM.
Business Continuity and Disaster Recovery – natural disasters, acts of terror, and man-made accidents impact human beings in unimaginable ways. The same misfortunes can also impact businesses in profound ways. Instituting a thorough, yet economically sensible, business continuity and disaster recovery plan is essential for any business, whether public, private or non-profit. We assist management teams in determining and evaluating the potential effects of serious interruptions to critical business operations – commonly called a business impact analysis. We also assist management in developing strategies to manage certain risks that threaten personnel and other assets in the face of a disaster – commonly called a business continuity plan.