In its quest to achieve its strategic goals, a company naturally assumes risk and must wrestle with the risk-reward trade-off. The individual risks assumed as a result of any one product or service may be minimal. However, when you look at the organization as a whole, are you taking on more risk than you thought?
Risks include, but are not limited to, financial, operational, and regulatory risk.
Enterprise Risk Management (ERM) is an established framework developed to assist a company's Board of Directors and senior managers in identifying, assessing, responding to, controlling, communicating and monitoring risk.
Most companies have incorporated some of the framework items, but not all. Which items are you missing?
- Review company product lines and service lines and identify areas of risk.
- Establish metric(s) for each risk with corresponding tolerance range(s).
- Adjust policies and procedures, as necessary, to ensure risks are controlled:
  - Approvals and authorizations
  - Top-level performance reviews (actual vs. budget / forecast / prior period)
  - Tracking of major initiatives
  - Physical controls (inventories / equipment / cash / other assets)
  - Information processing
  - Segregation of duties
- Develop a company-wide, Board-established “Risk Policy” which identifies acceptable levels of risk.
- Communicate that policy to all employees, i.e. create a culture of awareness.
- Monitor adherence to the established level of risk periodically, i.e. review metrics against tolerances, through:
  - Internal and external audits
  - Planning sessions
  - Process improvement
Going forward, all actions undertaken to assist the organization in reaching its strategic goals will take into account the Board-established “Risk Policy.”
For more information, please review www.coso.org (Committee of Sponsoring Organizations of the Treadway Commission).

© Copyright 2012 Regis Quirin, All rights Reserved. Written for: CFO Tips - What you need to know, to be a CFO TODAY!