Any one of a variety of risks could threaten an organization's success and lead to a decrease in stakeholder value, including: globalization, technology, demands for customized products and services, shifts in regulation, mergers and restructurings, accounting and reporting deficiencies, and complex financial instruments. Leaders must be aware of a holistic approach to risk management and the need for a stronger governance structure.

The information in this document provides an overview for implementing Enterprise Risk Management (ERM). It presents:

  • A definition of ERM;
  • A classification of various risks;
  • An understanding of the roles and responsibilities of management accountants in ERM projects;
  • An overview of ERM frameworks from several different global professional organizations;
  • A discussion of the foundational elements of ERM;
  • Suggestions of how ERM can enhance on-going management activities; and?
  • Ideas for adding value to the Sarbanes-Oxley Act of 2002 (SOX) 404 compliance requirement by employing a risk-based approach to identify, test, and document key internal controls to assure investors on the quality of the firm's financial statements and related disclosures.

Key Insights:

Most ERM frameworks advocate a similar approach:

Set strategy and objectives,

  • Identify risks,
  • Assess risks,
  • Treat risks,
  • Control risks, and
  • Communicate and monitor risks
Download Report

About the Authors