Any one of a variety of risks could threaten an organization's success and lead to a decrease in stakeholder value, including: globalization, technology, demands for customized products and services, shifts in regulation, mergers and restructurings, accounting and reporting deficiencies, and complex financial instruments. Leaders must be aware of a holistic approach to risk management and the need for a stronger governance structure.
The information in this document provides an overview for implementing Enterprise Risk Management (ERM). It presents:
- A definition of ERM;
- A classification of various risks;
- An understanding of the roles and responsibilities of management accountants in ERM projects;
- An overview of ERM frameworks from several different global professional organizations;
- A discussion of the foundational elements of ERM;
- Suggestions for how ERM can enhance ongoing management activities; and
- Ideas for adding value to the Sarbanes-Oxley Act of 2002 (SOX) 404 compliance requirement by employing a risk-based approach to identify, test, and document key internal controls to assure investors on the quality of the firm's financial statements and related disclosures.
Most ERM frameworks advocate a similar approach:
- Set strategy and objectives,
- Identify risks,
- Assess risks,
- Treat risks,
- Control risks, and
- Communicate and monitor risks.