Articles

  • Strengthening Enterprise Risk Management for Strategic Advantage

    November 04, 2009

    COSO’s Strengthening Enterprise Risk Management for Strategic Advantage focuses on specific areas where the board of directors and management can work together to improve the board’s risk oversight responsibilities and ultimately enhance the entity’s strategic value. This thought paper expands on COSO’s Effective Enterprise Risk Oversight: The Role of the Board of Directors and provides further detail on the four specific areas discussed in that document.

  • The Six Mistakes Executives Make in Risk Management

    October 01, 2009

    This article in the October 2009 issue of Harvard Business Review outlines six key mistakes that are often made in risk management. It was written by three experienced risk professionals: Nassim Taleb, Daniel Goldstein, and Mark W. Spitznagel. The article focuses on the occurrence of black swan events and how they are becoming more prevalent in today’s business environment. These events are virtually impossible to predict; therefore, the only thing businesses can do is decrease their vulnerability by developing sophisticated risk management techniques. The first step is changing society’s view of risks. In order to do so, it is important for business managers to realize and correct the six mistakes outlined in the article.

  • Managing Risk in the New World

    October 01, 2009

    The recent financial meltdown has brought risk management under scrutiny like never before. In this article, five experts discuss the future of enterprise risk management and how risk oversight has evolved in the business world today.

  • Scenario Planning

    September 01, 2009

    Scenario planning is a tool that allows management to create in-depth contingency plans and move from a reactive to a proactive mindset. This Conference Board Review article explains the strength of scenario planning through its ability to generate several possibilities of future events, and modify those scenarios and related plans as the current state of the economy and world shift with time.

  • Effective Enterprise Risk Oversight: The Role of the Board of Directors

    September 01, 2009

    COSO’s Effective Enterprise Risk Oversight: The Role of the Board of Directors is focused on aiding boards of directors in strengthening their enterprise risk oversight responsibilities. The current economic crisis has caused the role of the board of directors to become far more challenging than in the past. The thought paper highlights critical board responsibilities by using four specific areas in COSO’s Enterprise Risk Management – Integrated Framework that contribute to board oversight of enterprise risk management.

  • Internal Audit and Risk Oversight

    August 01, 2009

    The Institute of Internal Auditors recently issued two new practice advisories related to risk management. The first practice advisory, titled “Using the Risk Management Process in Internal Audit Planning”, deals with coordinating internal audit activity with risk management. The second practice advisory, titled “Assurance Maps”, centers on identifying and addressing any gaps in the risk management process.

  • The Future of Risk

    July 31, 2009

    The current economic downturn has caused companies everywhere to question their risk management process and investigate ways to upgrade their risk management efforts. As risk complexity has increased, so too has company spending on risk management. While some companies are committed to increase resources spent on risk management, a majority will attempt to increase risk management efforts with existing resources. This reality can be achieved by balancing risk, cost and value across the enterprise.

  • Chief Risk Officers: Emerging Trends

    July 31, 2009

    The position of Chief Risk Officer is becoming more prominent in many industries and will likely change the skills and behavior of current risk managers. Some believe that risk managers already possess the necessary skills, while others believe that they need to become more financially literate in order to take on such a strategic position. CROs will be given many strategic and risk-related responsibilities that current risk managers do not have. Optimally, the creation of a CRO position will give risk managers something to aspire to and create a more risk-based approach during strategic decision-making.

  • S&P Issues Progress Report on ERM Integration into Credit Ratings

    July 22, 2009

    Standard & Poor’s recently published a report detailing the focus of their discussions with rated companies regarding ERM and insights gleaned from these discussions to date. So far, ERM discussions have been conducted with over 300 rated issuers and the report shares the seven questions used as the basis for these discussions. An interesting preliminary finding is that few companies have leveraged their ERM programs to identify risky opportunities that they are well-positioned to capitalize upon - most companies are currently focused on identifying and managing downside risks.

  • Real Insights from 2008-2009 ERM Roundtables

    July 20, 2009

    As expectations for stronger risk oversight emerge from the recent economic crisis, boards and senior executives are seeking ways to strengthen their approaches to enterprise-wide risk management. This document contains summaries from five ERM Roundtables hosted by the ERM Initiative at North Carolina State University in fall 2008 and spring 2009. Real-world ERM implementation examples from H.J. Heinz Company, the State of Washington, and KBR Inc. are provided in addition to emerging ERM insights from Standard & Poor’s and the New York Stock Exchange.

  • Walker Review on Corporate Governance in the UK Banking Industry

    July 16, 2009

    Governance failures contributed materially to the excessive risk taking leading to the financial crisis, and improved governance is key to decreasing the chance of these events recurring. The Walker Review examines corporate governance in the UK banking industry and many of its conclusions and recommendations center on increasing risk focus and discussions at the board level. The review provides 39 recommendations covering topics such as board size, composition and qualification; functioning of the board and evaluation of performance; the role of institutional shareholders related to communication and engagement; governance of risk; and remuneration.

  • Shifting of Internal Audit Strategy and Focus

    July 01, 2009

    Findings from a survey and roundtable of internal audit executives, service providers, and regulators show that internal audit is changing its risk priorities and audit coverage in response to changing stakeholder expectations in the current economic crisis. Internal audit is taking on a more strategic role in the organization and focusing more on ERM processes and recession-related risks.

  • Uncertainty in Business

    July 01, 2009

    Uncertainty and ambiguity are a key challenge for business leaders today. Organizations are finding that they must increasingly plan for contingencies in the future instead of focusing primarily on short-term goals. In the past, many business leaders believed their organizations’ long-term goals could wait until they had dealt with the current crisis. In the current business environment, this is no longer the case. The rate of change has accelerated, indicating that business leaders must learn how to strike a balance between managing complex issues today and predicting the uncertain issues of tomorrow.

  • The State of Enterprise Risk Management at Colleges and Universities

    July 01, 2009

    A survey was conducted in June 2008 of over 600 presidents and chancellors, CFOs, governing board members, chief academic officers, and risk managers from private and public colleges and universities of varying sizes. Key survey findings indicate there is significant room for improvement in enterprise risk management at higher education institutions. Best practices and action steps institutions can take to improve their enterprise risk management efforts are discussed. Additionally, a sample worksheet is provided to help higher education leaders begin the systematic risk assessment process in their institutions.

  • How Risk Management Is Changing in Response to the Economic Crisis

    July 01, 2009

    The economic crisis is changing the risk management landscape in various ways. The government bailouts enacted in response to the economic crisis will have many effects, with the greatest potential effect on risk appetites of organizations. The magnitude and frequency of bailouts could encourage increased risk appetites or there could be increased risk aversion in response to what is currently perceived as a high-risk environment. Another way in which the economic crisis is shaping risk management is that increased security risks and decreased security budgets are encouraging an enterprise risk perspective to better enable organizations to track, quantify, and analyze shifting thresholds of risk. This enhanced perspective can then be used to address concerns such as insider threats, information risk, and product protection.

  • Getting Executive Compensation Right

    July 01, 2009

    Executive compensation systems are often criticized for rewarding the wrong things, ignoring shareholder objections, focusing on short-term results, and being too opaque. Finding the appropriate level and type of compensation is an important first step to improving effectiveness of pay packages. There are also several actions that boards and shareholders can take in working towards improved executive compensation systems.

  • Need for Adaptive Leadership

    July 01, 2009

    While the current crisis will pass, a sustained crisis of unfamiliar challenges will remain. To successfully carry organizations through this sustained crisis, leaders will need to use an adaptive leadership approach unfamiliar to many. Adaptive leadership requires fostering adaptation, embracing disequilibrium, and generating leadership internally. By adopting these practices, organizations can effectively mobilize their resources to thrive in a changing and challenging world.

  • Determining the Value of ERM

    July 01, 2009

    In the current economy, companies are under pressure to justify all major investments, including enterprise risk management (ERM). In this article, KPMG provides some common approaches for valuing ERM programs or ERM components. Placing a value on ERM can help companies realize the return of their investment through reduced costs, increased reputation, and improved decision-making.

  • ERM in an Economic Downturn

    July 01, 2009

    Risks are necessary for success, but the failure to manage those risks effectively often leads to a plethora of negative outcomes for an entity. In the current economic environment, it is becoming increasingly important for companies to proactively respond to risks through an enterprise risk management (ERM) approach. Along with the benefits of assessing and managing risks, ERM can also positively affect a company’s credit rating and corporate governance outlook.

  • Global Integrity Survey

    July 01, 2009

    Compliance Week conducted a survey analyzing the role of integrity and ethics programs in corporations around the globe. The survey addressed the structure of these programs as well as metrics used to evaluate them. The accountability of integrity programs and its importance in the current economy was assessed and entities were asked to respond with the biggest risks their corporations faced in the world today regarding ethics and integrity.

  • Enterprise Governance, Risk and Compliance Platforms

    July 01, 2009

    As enterprise-wide risk management concerns have grown, so too has the market for enterprise governance, risk and compliance GRC platform vendors. This article not only describes the underlying technologies of these platforms, but provides the detailed results of Forrester Research Inc.’s product evaluation of fourteen GRC platform vendors.

  • Internal Audit’s Role in Managing Reputation Risk

    June 01, 2009

    Reputational risks and corporate missteps are having more significant impacts on bottom lines and stakeholder perceptions of companies than ever before. Therefore, companies are recognizing the importance of reputational risk and placing a greater emphasis on reputational risk management. Internal audit departments can play a significant role in helping companies manage reputational risks through their advisory and monitoring efforts.

  • Culture of Candor

    June 01, 2009

    Performance of leaders is increasingly being measured based on the extent to which they create economically, ethically, and socially sustainable organizations. Increased transparency is an important step for leaders making this shift. An improved culture of candor can benefit organizational performance and there are several steps outlined for leaders seeking to create increased transparency. There is no easy way to institutionalize candor. Positive steps towards increased transparency are described but true transparency will require ongoing effort, sustained attention, and constant vigilance.

  • Risk Preparedness

    June 01, 2009

    Risk intelligence is a risk management philosophy focusing on the use of both risk avoidance and risk-taking to create value. While this article deals with risk intelligence, it focuses on the risk avoidance aspects as it discusses prudently preparing for the occurrence of negative events. By adequately planning for business disruption events, companies can become more resilient and recover from events more quickly, therefore gaining a competitive advantage in the marketplace.

  • Balancing Enterprise Risk Management and Enterprise Performance Management

    June 01, 2009

    Poorly planned and executed risk management capabilities contributed to the collapse, and they are likewise impeding the recovery as companies have shifted from taking too many risks to taking too few. Companies that are able to effectively balance enterprise risk management and enterprise performance management will have more robust risk management capabilities and be poised to make better decisions and drive improved company performance.

  • Reputation Management

    May 31, 2009

    Reputation management is critical to organizations and it continues to grow more complicated. Companies in the past could earn reputations as good corporate citizens by making philanthropic contributions without significant alignment with a business strategy. However, nonstop access to information, a lack of trust in business, and an increasingly broad base of stakeholders have increased the importance of reputation management to companies as well as changed the ways in which companies need to act to successfully manage their reputations.

  • Seven Question Guide to Assess ERM

    May 01, 2009

    Risk professionals should consider seven questions in evaluating risk management tools, improving risk management practices, and assessing the state of ERM in an organization. Professionals should ask these seven questions: (1) if the risk management process really assesses risk; (2) if the risk assessment is context-driven; (3) if the risk management process address root causes of failure; (4) what business performance says about risk; (5) what the organization’s risks say about its controls; (6) what the organization’s controls say about its risks; and (7) if the professionals and their organizations are up for the task of risk management.

  • Increasing Oversight by Audit Committees

    May 01, 2009

    Audit committees are responding to the recent financial crisis by refocusing and increasing their oversight efforts. Committees report a renewed focus on the “basics” of oversight that include better education by management, closer connections with management teams, exercising skepticism and testing information, and an increased focus on accountability. Audit committees are now prioritizing their focus on ensuring they receive quality information about the company’s business activities and risks and oversight of the company’s risk management processes.

  • Getting Risk Appetite Right

    May 01, 2009

    While the concept of a risk appetite framework is sound and can provide many benefits to organizations, many of these frameworks failed during the current crisis due to design and application problems. Organizations can learn from several key failings in risk appetite frameworks that were highlighted by the crisis. Though this article looks at risk appetite from the perspective of banks, the suggestions are applicable to many types of organizations seeking to improve their risk appetite framework.

  • Role of Culture and Judgment in ERM

    April 24, 2009

    David Fox, the Director of Risk Management at KBR, Inc., based in Houston, Texas, spoke at the April 24, 2009 ERM Roundtable about the rollout of ERM at KBR and its evolving role in the company. He emphasized the importance of culture and the need for communication and judgment for risk oversight to be effective and sustainable.

  • Importance of Risk Management Mindset

    April 15, 2009

    Many companies that were unprepared for the current economic situation have become hesitant to make decisions regarding the future. For companies to regain confidence in making these decisions there needs to be a realization that risk management models are only as good as the decisions that are made based on the models. As a result, the risk management mindset is just as important as the model. Companies can focus on their risk management mindset by re-defining risk to include a more integrated view of risk and constructing a new ‘risk architecture’ that incorporates information external to the company and looks at interdependencies to help make better decisions and more successfully manage their risks.

  • Risk Culture of Companies

    April 15, 2009

    Risk culture is an area of risk management that has become a recent focus for many boards. Risk culture is the system of values and behaviors present in an organization that shapes risk decisions of management and employees. A first step to addressing the risk culture of an organization is a conversation among management and the board involving topics such as “tone at the top”, effective communication, and appropriate incentives. A strong risk culture will take time to develop in an organization and its presence will mean that employees know what a company stands for, the boundaries within which it can operate, and that they can openly discuss which risks should be taken in order to achieve the company’s long-term strategic goals.

  • Effects of Economic Crisis on Corporate Governance

    March 31, 2009

    The economic crisis is impacting the future of corporate governance. With boards being one of the players blamed for the crisis, their roles are shifting and growing in importance, with increasing focus on board oversight of risk, redefined roles between boards and management, and reassessments of executive compensation policies. As the concept of corporate governance evolves, a positive outcome may be that the focus will shift from short-term performance measures to the long-term sustainability of businesses.

  • NYSE Perspectives on Governance and Risk Management in Today’s Economy

    March 20, 2009

    Glenn W. Tyranski, the Senior Vice President of Financial Compliance at New York Stock Exchange (NYSE) Regulation, spoke at the March 20, 2009 ERM roundtable about the evolving roles of NYSE Regulation and emerging issues surrounding accounting standards, corporate responsibility, and risk assessment.

  • Six Ways Companies Mismanage Risk

    March 01, 2009

    Effective risk management is difficult even in the best situations, and failure of risk management can cause large losses within an organization. There are six fundamental mistakes risk managers routinely make: relying on historical data, focusing on narrow measures, overlooking knowable risks, overlooking concealed risks, failing to communicate, and not managing in real time. Augmenting conventional risk modeling techniques with scenario analyses of catastrophic risks and strategies for surviving these risks can improve risk management effectiveness.

  • Audit Committee Member Survey

    March 01, 2009

    The 4th Annual Public Company Audit Committee Member Survey was sponsored by KPMG’s Audit Committee Institute and the National Association of Corporate Directors (NACD). Between November 2008 and February 2009, 280 audit committee members serving on the board of at least one U.S. public company were surveyed. Key survey findings are highlighted such as the ways in which the economic crisis is changing how audit committees function, top agenda priorities for committees in 2009, and areas in which committee oversight processes could be more effective.

  • Ten Practical Lessons for Risk Management

    March 01, 2009

    Recent events have uncovered significant deficiencies in the way risks are managed at financial institutions and many other companies. Research into these deficiencies shows ten practical lessons companies can apply to address current weaknesses and strengthen risk management systems. By wielding appropriate authority, gaining support from senior management, and thoroughly examining the models and incentive systems used, risk managers can greatly improve companies’ risk management systems.

  • Reputation Risk Management

    March 01, 2009

    A 2008 survey investigated the status of reputation risk management at different companies and found that companies are aware of reputation risks but may not be sufficiently managing these risks. There are several methods for managing reputation risks, including engaging with stakeholders, monitoring the content and volume of media coverage of the company, monitoring performance against external ratings or benchmarks, and crisis management. Ultimately, for reputation risk management to be successful, it should be integrated into broader risk management frameworks and reputation risk factors should become a key aspect of business decision making.

  • Key Areas of Concern in Corporate Governance

    March 01, 2009

    Strong corporate governance is essential for boards as they are positioned to lead the way in implementing measures that contribute to economic growth and sustainability. There are four areas of corporate governance the National Association of Corporate Directors (NACD) has identified as being the most important and of immediate concern: risk oversight, corporate strategy, executive compensation, and transparency. Within each area of concern, the NACD provides recommendations from their Key Agreed Principles to Strengthen Corporate Governance for U.S. Publicly Traded Companies document as well as addresses future challenges boards will face in improving governance practices in each area.

  • S&P Evaluations of ERM as Part of Credit Rating Process

    February 27, 2009

    Standard & Poor’s announced in 2008 plans to include evaluations of how non-financial companies manage enterprise-wide risks as part of S&P’s credit rating process. Steve Dreyer, Managing Director of Utilities and Infrastructure Ratings at Standard & Poor’s, provided an overview at the February 2009 ERM Roundtable in Charlotte about S&P’ process for considering ERM practices as a part of their credit rating evaluations.

  • Internal Auditors Partnership with Management

    February 01, 2009

    Internal auditors in the past have been used to examine how well management is performing and how well the company is operating. Now there is a need for internal auditors to work in conjunction with management to oversee risks. CHAN Healthcare Auditors realized this change in internal audit and has developed an audit process and tool that allows for a more effective approach to risk management. Even though the approach is mainly geared towards the healthcare industry, it can be used in numerous industries to determine companywide and departmental vulnerabilities.

  • Boards Emphasize Risk Management to Survive Current Economic Crisis

    February 01, 2009

    KPMG’s Audit Committee Institute hosted a national conference with the goal of discussing the current challenges, practices and priorities facing audit committees and boards. Among the results, the professionals in attendance identified a company’s ability to assess and manage their risk profile as one of three main issues essential to surviving the next 18 months. They also compiled a list of five top concerns faced by today’s audit committee; risk management came in at number two, and alignment of business strategy with risk was number five.

  • Enhancing IT Risk Management: An Exposure Draft

    February 01, 2009

    Information Technology (IT) risk is a business risk associated with the use, ownership, operation, involvement, influence and adoption of IT within an enterprise. Even though the use of IT can cause many risks for an enterprise, there are also many benefits derived from the use of IT. IT risk is prevalent at all levels of an organization, and many organizations have a hard time integrating the management of IT risk with all of the other business risks an organization faces. This exposure draft, “The Enterprise Risk: Identify, Govern and Manage IT Risk, The Risk Framework Exposure Draft,” helps management properly integrate the management of IT risk into its Enterprise Risk Management, make well-informed decisions about the extent of the risk, risk appetite, and risk tolerance of the enterprise, and understand how to respond to risk.

  • Best-in-Class Enterprise Risk Management

    February 01, 2009

    The Aberdeen Group conducted an online survey in January and February 2009 of over 120 enterprises in a diverse set of industries and geographies that are devoting resources to improving their enterprise risk management (ERM). Results from this survey and additional interviews of selected respondents helped identify strategies and frameworks companies are using to realize business benefits from their ERM programs. Additionally, this survey provides a roadmap for companies planning an ERM initiative or augmenting an existing initiative in terms of actionable analysis and recommendations to improve ERM within an entity.

  • Optimism Thwarts Risk Identification

    January 31, 2009

    Many culprits have been identified as causes to the current financial crisis, from faulty risk models to basic human greed. Susan Webber takes a step back to examine the culture that underlies errors which led to the current climate. In this article, she examines how a “yes man” environment creates a dangerously optimistic decision-making process. Valuing good news and positive thinking over observing realistic restraints to business strategy can prove disastrous in the long run for a company.

  • Risk Mis-Management

    January 04, 2009

    The largest banks and investment firms in the United States took excessive risks over the past few years, contributing to the current financial crisis; however, there was little indication to many that these risks existed. This is partially due to widespread institutional reliance on Value at Risk (VaR) models to measure the amount of risk in company portfolios. VaR can measure the boundaries of risk in a portfolio over a short duration in a normal market, but it does have some limitations. VaR input includes only recent events and not data from historic times of stress, it does not measure the largest risks that have a small probability of occurrence, it has problems properly accounting for leverage, and its overall measure can be manipulated. Despite these shortcomings, VaR and other risk models can still be useful when they are not relied on alone but combined with human judgment.

  • ERM is Vital for Businesses and the Economy

    January 01, 2009

    With the recent financial crisis many wonder if risk management could have prevented or minimized the fall out. The answer is yes. However many companies fail to properly implement risk management and therefore they do not fully understand the risk they are undertaking. Failures occurred because companies don’t fully understand the proper steps for effective risk management. This report addresses where companies failed and the areas companies need to improve to prevent another financial crisis.

  • Financial Industry Assesses Role of Risk in Credit Crisis

    January 01, 2009

    This global survey conducted by KPMG in conjunction with the Economist Intelligence Unit in October 2008 summarizes responses from over 500 world-wide risk management senior officers in the banking industry about the role risk management played in the current economic crisis and how enterprise risk management would be used going forward. The report based on this survey highlight several themes permeating banking culture’s utilization of risk management that helped allow the current credit crisis. The report provides insights as to possible solutions, which many of the respondents are planning to or are currently taking.

  • The Top Ten Risks for Global Business in 2009

    January 01, 2009

    This report compiles views of industry commentators, sector experts, and Ernst & Young practice professionals as to the major business risks facing “leading global firms” in each of their sectors. The risks identified as the top ten risks for global business in 2009 were rated as having the greatest impact across the largest number of sectors, and these risks will likely do the most to influence markets and drive corporate performance in the coming year. Several of the top ten risks identified were on the list last year: the credit crunch, regulation and compliance, radical greening, cost cutting, and executing alliances and transactions. Three of the top ten risks, non-traditional entrants, managing talent, and reputation risks, moved up from lower rankings the previous year. There were also two new risks that were not identified last year, deepening recession and business model redundancy.

  • Limitations of Traditional Risk Models in Forecasting Risk

    January 01, 2009

    The current economic crisis has upset many common assumptions about the global financial system and shaken investor confidence. While there are unique aspects to this crisis, it is important to understand that severe economic crises in general are not rare events. Traditional methods of modeling risk often fail to reflect the frequency of declines and when these declines will occur. It is important for investors to rely on more than the output from traditional risk models in assessing the potential risk associated with investments.

  • Global Risk Management Survey

    January 01, 2009

    AON conducted a global risk management survey in October and November 2008 with risk managers and chief risk officers comprising two-thirds of respondents. Responses represent 551 organizations of various sizes and industries in over 40 countries. A similar survey was conducted two years ago and there is a comparison of the key and emerging risk issues highlighted. The top ten risks facing businesses, overall risk preparedness, and losses related to risks are addressed. Key business topics such as identifying, assessing, measuring, and managing risk; board oversight and involvement; and risk management departments and functions are discussed. One consistent theme through all the findings is that the worldwide economic downturn has had an enormous impact on how risk is approached and managed.

  • ERM Benchmarking Survey

    January 01, 2009

    An ERM benchmarking survey of chief audit executives and heads of internal auditing was conducted that garnered 240 responses from organizations across many industries and nations. From those 165 respondents with a risk management program or process in place, information was gathered about risk management philosophies and drivers, program implementation and structure, communication and reporting, and technology practices. The survey also reports on recommendations and leading practices for risk management programs and processes identified by the respondents.

  • Companies Succeed During Downturn with ERM

    January 01, 2009

    In the four-part series “Managing in a Downturn” produced by The Financial Times, Russell Walker comments on the place for enterprise risk management in the current economic environment. Walker uses JPMorgan, Berkshire Hathaway, Honda and Toyota to show how enterprise risk management (ERM) as part of an overall business strategy can help prepare a firm for unexpected events like the credit crisis.

  • Costs Associated with Regulatory Risks

    December 31, 2008

    A significant portion of an organization’s enterprise risk management efforts in both time and dollars may be spent on compliance and regulatory risks. Compliance with federal regulations cost approximately $1.157 trillion in 2007. There were 159 economically significant rules under consideration in 2007, each having an estimated cost of at least $100 million annually. Regulatory compliance costs are important to all businesses, but can be higher per-employee for small businesses since some costs are imposed regardless of size. Federal regulations provide a means of funding government programs without using tax dollars, essentially becoming a form of off-budget taxation that minimizes public scrutiny. The significant impact of these regulatory compliance costs and their overall lack of visibility suggest a need for increased disclosure, transparency, and accountability related to federal regulations.

  • The Convergence of Enterprise Performance Management and Risk Management

    December 31, 2008

    Organizations can increase their probability of achieving strategic objectives by taking an integrated approach to deploying strategy and managing associated risks. The Performance/Risk Integration Management Model (PRIM2) provides a framework for organizations to consistently communicate and deploy strategies, proactively identify and manage inherent risks in the strategy, and ensure integration of strategic plans, risk management, and performance management in strategy execution. PRIM2 also provides real-time transparency into an organization’s operations, facilitating continuous alignment of strategy, risk management capabilities, and performance management. While the details of a PRIM2 infrastructure will vary across organizations, there are several core elements that should be incorporated in any PRIM2 framework. Implementation of a PRIM2 framework is intended to establish and maintain a balance between the enhancement and protection of an organization’s shareholder value.

  • Managing Information Technology Risk:  A Global Survey for the Financial Services Industry

    December 31, 2008

    Ernst & Young’s first global survey for the financial services industry that provides industry data, trends, leading practices, and opinions on the components of effective information technology (IT) risk management. Based on survey responses, many financial institutions are seeking ways to better integrate IT risk management with their overall risk management program and processes.

  • Strategic Business Risk – Top 10 Risks in Business for 2008

    December 31, 2008

    Ernst & Young conducted a survey of industry analysts in order to identify the top 10 strategic business risks for 2008. It became clear that there is significant variation in risks between sectors of the economy. Nevertheless, the risks that were rated as having the greatest impact across the largest number of sectors were identified and ranked.

  • Boards of Directors and Risk Management in 2009

    December 08, 2008

    There will be many pressures on boards of directors in 2009 given the current economic climate, and several of these pressures revolve around the issue of risk management. This “white-paper” memorandum examines risk management in the context of key issues facing boards in 2009, roles and duties of the board, and board committees and procedures. Boards will need to focus on oversight of risk management, possibly establishing a dedicated risk management committee at the board level. Boards should also ensure executive and director compensation policies are aligned with stakeholder interests and that those policies do not promote excessive risk-taking. Another key focus for boards will be balancing short-term and long-term interests, resisting undue pressure for positive short-term results and positioning their companies for long-term growth.

  • Board Oversight of Risk Management and Executive Compensation

    December 01, 2008

    Boards of directors have fiduciary responsibilities to shareholders and there are several “pressure points” they can address to ensure fulfillment of these duties. One pressure point for boards is risk oversight and boards should consider reassessing their existing risk management programs to ensure a top-down, enterprise-wide approach is being taken that helps achieve the long-term goals of the company. Another pressure point is executive compensation and boards can take several steps to strengthen the link among pay, performance, and accountability to better reflect the risk culture of the organization.

  • Understanding and Articulating Risk Appetite

    December 01, 2008

    Risk appetite, when properly understood and articulated, can be a powerful tool for managing risk and enhancing overall business performance by better aligning decision-making and risk. Many organizations have a need for increased clarity regarding their risk appetite and this article provides insights on formulating and defining risk appetites.