Articles: Boards, Audit Committee, and ERM
-
Internal Audit and Risk Oversight
August 01, 2009
The Institute of Internal Auditors recently issued two new practice advisories related to risk management. The first practice advisory, titled “Using the Risk Management Process in Internal Audit Planning”, deals with coordinating internal audit activity with risk management. The second practice advisory, titled “Assurance Maps”, centers on identifying and addressing any gaps in the risk management process.
-
Walker Review on Corporate Governance in the UK Banking Industry
July 16, 2009
Governance failures contributed materially to the excessive risk taking leading to the financial crisis, and improved governance is key to decreasing the chance of these events recurring. The Walker Review examines corporate governance in the UK banking industry and many of its conclusions and recommendations center on increasing risk focus and discussions at the board level. The review provides 39 recommendations covering topics such as board size, composition and qualification; functioning of the board and evaluation of performance; the role of institutional shareholders related to communication and engagement; governance of risk; and remuneration.
-
Shifting of Internal Audit Strategy and Focus
July 01, 2009
Findings from a survey and roundtable of internal audit executives, service providers, and regulators show that internal audit is changing its risk priorities and audit coverage in response to changing stakeholder expectations in the current economic crisis. Internal audit is taking on a more strategic role in the organization and focusing more on ERM processes and recession-related risks.
-
How Risk Management Is Changing in Response to the Economic Crisis
July 01, 2009
The economic crisis is changing the risk management landscape in various ways. The government bailouts enacted in response to the economic crisis will have many effects, with the greatest potential effect on risk appetites of organizations. The magnitude and frequency of bailouts could encourage increased risk appetites or there could be increased risk aversion in response to what is currently perceived as a high-risk environment. Another way in which the economic crisis is shaping risk management is that increased security risks and decreased security budgets are encouraging an enterprise risk perspective to better enable organizations to track, quantify, and analyze shifting thresholds of risk. This enhanced perspective can then be used to address concerns such as insider threats, information risk, and product protection.
-
Getting Executive Compensation Right
July 01, 2009
Executive compensation systems are often criticized for rewarding the wrong things, ignoring shareholder objections, focusing on short-term results, and being too opaque. Finding the appropriate level and type of compensation is an important first step to improving effectiveness of pay packages. There are also several actions that boards and shareholders can take in working towards improved executive compensation systems.
-
Culture of Candor
June 01, 2009
Performance of leaders is increasingly being measured based on the extent to which they create economically, ethically, and socially sustainable organizations. Increased transparency is an important step for leaders making this shift. An improved culture of candor can benefit organizational performance and there are several steps outlined for leaders seeking to create increased transparency. There is no easy way to institutionalize candor. Positive steps towards increased transparency are described but true transparency will require ongoing effort, sustained attention, and constant vigilance.
-
Increasing Oversight by Audit Committees
May 01, 2009
Audit committees are responding to the recent financial crisis by refocusing and increasing their oversight efforts. Committees report a renewed focus on the “basics” of oversight that include better education by management, closer connections with management teams, exercising skepticism and testing information, and an increased focus on accountability. Audit committees are now prioritizing their focus on ensuring they receive quality information about the company’s business activities and risks and oversight of the company’s risk management processes.
-
Risk Culture of Companies
April 15, 2009
Risk culture is an area of risk management that has become a recent focus for many boards. Risk culture is the system of values and behaviors present in an organization that shapes risk decisions of management and employees. A first step to addressing the risk culture of an organization is a conversation among management and the board involving topics such as “tone at the top”, effective communication, and appropriate incentives. A strong risk culture will take time to develop in an organization and its presence will mean that employees know what a company stands for, the boundaries within which it can operate, and that they can openly discuss which risks should be taken in order to achieve the company’s long-term strategic goals.
-
Effects of Economic Crisis on Corporate Governance
March 31, 2009
The economic crisis is impacting the future of corporate governance. With boards being one of the players blamed for the crisis, their roles are shifting and growing in importance, with increasing focus on board oversight of risk, redefined roles between boards and management, and reassessments of executive compensation policies. As the concept of corporate governance evolves, a positive outcome may be that the focus will shift from short-term performance measures to the long-term sustainability of businesses.
-
Audit Committee Member Survey
March 01, 2009
The 4th Annual Public Company Audit Committee Member Survey was sponsored by KPMG’s Audit Committee Institute and the National Association of Corporate Directors (NACD). Between November 2008 and February 2009, 280 audit committee members serving on the board of at least one U.S. public company were surveyed. Key survey findings are highlighted such as the ways in which the economic crisis is changing how audit committees function, top agenda priorities for committees in 2009, and areas in which committee oversight processes could be more effective.
-
Key Areas of Concern in Corporate Governance
March 01, 2009
Strong corporate governance is essential for boards as they are positioned to lead the way in implementing measures that contribute to economic growth and sustainability. There are four areas of corporate governance the National Association of Corporate Directors (NACD) has identified as being the most important and of immediate concern: risk oversight, corporate strategy, executive compensation, and transparency. Within each area of concern, the NACD provides recommendations from its Key Agreed Principles to Strengthen Corporate Governance for U.S. Publicly Traded Companies document and addresses future challenges boards will face in improving governance practices in each area.
-
Boards Emphasize Risk Management to Survive Current Economic Crisis
February 01, 2009
KPMG’s Audit Committee Institute hosted a national conference with the goal of discussing the current challenges, practices and priorities facing audit committees and boards. Among the results, the professionals in attendance identified a company’s ability to assess and manage its risk profile as one of three main issues essential to surviving the next 18 months. They also compiled a list of five top concerns faced by today’s audit committee; risk management came in at number two, and alignment of business strategy with risk was number five.
-
Boards of Directors and Risk Management in 2009
December 08, 2008
There will be many pressures on boards of directors in 2009 given the current economic climate, and several of these pressures revolve around the issue of risk management. This “white-paper” memorandum examines risk management in the context of key issues facing boards in 2009, roles and duties of the board, and board committees and procedures. Boards will need to focus on oversight of risk management, possibly establishing a dedicated risk management committee at the board level. Boards should also ensure executive and director compensation policies are aligned with stakeholder interests and that those policies do not promote excessive risk-taking. Another key focus for boards will be balancing short-term and long-term interests, resisting undue pressure for positive short-term results and positioning their companies for long-term growth.
-
Board Oversight of Risk Management and Executive Compensation
December 01, 2008
Boards of directors have fiduciary responsibilities to shareholders and there are several “pressure points” they can address to ensure fulfillment of these duties. One pressure point for boards is risk oversight and boards should consider reassessing their existing risk management programs to ensure a top-down, enterprise-wide approach is being taken that helps achieve the long-term goals of the company. Another pressure point is executive compensation and boards can take several steps to strengthen the link among pay, performance, and accountability to better reflect the risk culture of the organization.
-
Aligning Risk Management and Executive Compensation
December 01, 2008
Boards of directors are charged with corporate governance tasks that include setting executive compensation and developing the corporation’s strategic agenda in light of its risk tolerance. Using short-term performance metrics, like stock price or earnings per share, to determine executive compensation may encourage executives to make decisions that are not aligned with the corporation’s strategic plan or overall risk appetite.
-
Improving Board Risk Oversight
November 01, 2008
This report discusses how a person’s perceptions shape their views of risk. Because of varying views of risk, boards are prone to different interpretations of their responsibilities for risk oversight. To meet their fiduciary responsibilities for overall risk oversight, boards of directors need to evaluate how they approach their risk responsibilities and look for ways to ensure the process is robust, structured, and repeatable so that risks are intelligently considered by the board. This whitepaper suggests that companies should focus on six key areas that increase risk intelligence.
-
The Audit Committee Journey: Charting Gains, Gaps, and Oversight Priorities
September 30, 2008
This report by KPMG, LLP describes insights from audit committee members of public companies regarding audit committee priorities and processes. The data come from the 2007-2008 Public Company Audit Committee Member Survey by the KPMG Audit Committee Institute, which compiled findings from nearly 300 audit committee members, and the 2008 Audit Committee Issues Conference attended by around 120 audit committee members. Key findings include that audit committees have grown more confident in their oversight of traditional financial reporting matters, but they believe there is a significant opportunity to improve their risk management oversight and believe that oversight of risk management is their top oversight priority for 2008.
-
Board-Level Risk Committees
June 01, 2008
Traditionally, senior risk executives have managed risk at the operational level of organizations. Boards have had general oversight responsibilities for risk, with audit or finance committees taking on more specific risk responsibilities. Now, with the heavy workloads of audit and finance committees and a trend towards implementing enterprise risk management (ERM) processes, many organizations are finding it beneficial to form separate board-level risk management committees. The risk content of an organization is often still addressed at the board level across many committees, while risk process is the focus of the separate risk committee.
-
Standard & Poor’s Applies ERM Analysis to Ratings
May 01, 2008
Beginning in the third quarter of 2008, Standard and Poor’s will incorporate Enterprise Risk Management (ERM) into discussions at regularly scheduled credit review meetings. The discussions of ERM will focus on the organization’s risk management culture and strategic risk management. This abstract provides a brief overview of S&P’s ERM evaluation plans.
-
ERM: The Importance of Senior Management Buy-In and Leadership
May 01, 2008
The Midwest Audit Committee Network met to discuss effective ways for boards and audit committees to oversee enterprise-wide risk management. The network is a group of audit committee chairs drawn from leading Midwest companies of varying size. This article captures the overall tone of the comments and outlines the conclusions drawn by the committee. While specific quotes are highlighted to emphasize a point, the speaker’s identity is kept confidential.
-
Audit Committee Oversight of Enterprise Risk Management
April 01, 2008
The emphasis the SEC and Standard and Poor’s have placed on risk management processes has led many companies to increase the oversight responsibility for risk management placed on the board of directors. Because of its involvement with internal and external auditors who assess the efficacy of internal controls, the audit committee is often being charged with oversight of enterprise risk management as well. Executive management, especially the CFO, is being held accountable by the board of directors for their assessment of key risk exposures and leading the enterprise risk management effort.
-
Audit Committee Involvement in Risk Oversight
December 01, 2007
Many boards of directors are directing executive management to embrace enterprise risk management (ERM) to develop a stronger top-down holistic view of risks affecting the enterprise. In most cases, the board is delegating oversight of management’s risk processes to the audit committee. Audit committees are now examining how they can expand their already full agendas to tackle these emerging expectations. This article briefly overviews the emerging role of ERM and issues facing audit committees.
-
Risk of Piling ERM on Audit Committee
June 19, 2007
The recently published article by Jabulani Leffall titled “Risk of Piling ERM on the Audit Committee” provides insight on the expectations placed on some audit committees to address a company’s entire risk matrix. This article explores those expectations and addresses the question of when it is beneficial for a company to subdivide a committee that manages such a wide-reaching range of risks.
-
ERM Progress
June 01, 2007
Internal Auditor recently published an article titled “Moving Forward with ERM” to provide news on recent developments in ERM and the increasingly important role that chief risk officers (CROs) play in risk management. As CROs and internal auditors work together on risk management issues, it becomes obvious that teamwork and enterprise-wide evaluation of risks are crucial. CROs, in particular, face the demands of providing a successful risk management program that effectively utilizes company resources.
-
Selecting Risk Consultants
February 16, 2007
Forrester recently published an article titled “Identifying and Selecting the Right Risk Consultant” that provides insight into making crucial decisions regarding selection of risk consultants. Just as the service needs of a company may vary, risk consultants provide service specialties that can be drastically different.
-
Managing Reputation Risk
February 01, 2007
Reputation is very important to most organizations, yet many companies do a poor job of managing risks to their reputation. Too often, companies focus their energy on addressing threats to their reputation that have already surfaced instead of proactively searching for potential reputation risks on the horizon.
-
ERM Business Drivers
February 01, 2007
Forrester recently published an article by Michael Rasmussen titled “Business Drivers for Enterprise Risk Management” detailing why companies struggle with implementing and managing a successful enterprise risk management (ERM) program. Groups such as the Open Compliance and Ethics Group and the Professional Risk Managers’ International Association have been established to provide help.
-
Informatica’s Solution for Data Quality
November 01, 2006
Informatica released a white paper in November 2006 to summarize data quality problems faced by financial institutions trying to maintain compliance. Large corporations have an especially hard time integrating different areas of the business to establish clean reports that are useful. Additionally, the ever-changing nature of the data makes the job of maintaining quality reports more challenging.
-
Conference Board Releases Research Report About Boards and ERM
June 06, 2006
The Conference Board issued a July 2006 research report, “The Role of U.S. Corporate Boards in Enterprise Risk Management,” that provides insights about board of director perspectives on their role in overseeing enterprise risk management processes at organizations where they serve. Mark Beasley, NC State’s ERM Initiative Director, served as a member of the Advisory Board for the Project. Based on a research approach that involved personal interviews with 30 board members, analysis of Fortune 100 board committee charters, and a broad survey of 127 board members, the report finds that while ERM processes have improved in some companies, directors serving on multiple boards reported significant variations in the quality of risk dialogue and fewer boards seem to have well-established risk processes. Only 54% have clearly defined risk tolerances and only 47.6% of the boards rank key risks. Almost 50% of the directors would like to see more data analysis related to the company’s risk profile.
-
Internal Auditing’s Role in ERM
April 01, 2006
Internal auditors need to be actively involved in the ERM process at organizations. Seven valid or legitimate ERM-related responsibilities internal auditors can have are discussed.
-
Survey Data: ERM Trends
December 31, 2004
This study provides data obtained from surveys of nearly 1400 chief executive officers (CEOs) about risk trends and related expectations for effective ERM practices. While CEOs note that they are more aggressive risk takers than in the past, many note that they believe enterprise risk management practices will help them manage risks proactively to create value. They also agreed that risk management is a growing board of director priority and emphasis.
-
Internal Audit’s Role: Fraud and Reputation Risks
December 31, 2004
Now there is more pressure than ever on executive management and internal auditors to mitigate corporate fraud and misconduct. Even though senior management most likely has direct antifraud responsibility, internal auditors are likely to be given the operational responsibility for fraud monitoring. The general role of the internal auditor with regard to antifraud plans and ten steps the internal auditor can take in an antifraud plan are discussed.
-
Benefits of Managed Risks
November 01, 2003
When companies don’t guard themselves against substantial risks, the outcome can easily be a damaged reputation. However, risk management should not discourage growth by eliminating risks; rather, the reverse should take place and positive risks should be taken on. Therefore, effectively managing the many risks faced by an organization is critical to its success.
-
Risk Gaps-Demand for ERM
May 19, 2003
Enterprise Risk Management programs can help close the huge gap in communication among executives and business unit leaders. Senior management and the board of directors’ involvement with risk assessment plays an important role in making an ERM framework effective. Involving all of the business units in risk assessment helps to eliminate the “silo effect,” whereby each business unit manages its risks in isolation. Developing an ERM framework that suits the company will help make it successful.