Magazine article Strategic Finance

Are You Identifying Your Most Significant Risks? Results from a COSO-Sponsored Survey Show That Companies Need to Do a Better Job in This Area

Article excerpt

The economic meltdown during the last three years continues to cause numerous stakeholders to question how boards and senior executives are overseeing their organizations' most significant risk exposures. Many have argued that some entities failed because they didn't focus enough on identifying, assessing, and managing their most important emerging risks that were threatening stakeholder value. For others, the pursuit of returns and growth through overly aggressive strategies overshadowed the underlying risks that management and the board had assumed to achieve performance targets. In some cases, organizational leaders were blindsided by unknown risks, largely because they lacked sufficient infrastructure to identify, assess, and monitor emerging risks within their enterprises and because they were overconfident about ad hoc approaches to risk management.

In light of these situations, numerous changes in risk oversight have been occurring. In May 2008, Standard & Poor's announced its efforts in evaluating an issuer's enterprise risk management (ERM) processes as an additional component of its credit evaluation procedures. In March 2010, the Securities & Exchange Commission (SEC) required publicly traded companies to begin providing in their annual proxy statements to shareholders disclosures that describe the board's role in risk oversight. In July 2010, President Obama signed the Federal Financial Reform legislation that mandates risk committees for boards of financial institutions and other entities the Federal Reserve oversees. And more changes are likely to be on the horizon.

To gain a sense of the state of risk oversight across numerous industries and organizations, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) commissioned faculty in the Enterprise Risk Management Initiative at North Carolina State University to conduct a survey this past summer (for more information about the ERM Initiative, see www.erm.ncsu.edu). We conducted the research in conjunction with the member organizations of COSO, which are IMA® (Institute of Management Accountants), the American Accounting Association (AAA), American Institute of Certified Public Accountants (AICPA), Financial Executives International (FEI), and the Institute of Internal Auditors (IIA). We collected data during June and July 2010 through an online survey instrument sent electronically to members of each of those organizations. (The intended individual was a member of senior management.)

We targeted the survey to individuals involved in leading ERM-related processes or who are knowledgeable about those efforts within their organization. We received 460 partially or fully completed surveys. (Not all questions were completed by all 460 respondents. In some cases, the questions weren't applicable because of the respondents' answers to other questions, and, in other cases, the respondents chose to skip a particular question.) Now we'll provide a summary of the key findings from the study and include observations about factors affecting how likely enterprises will embrace ERM going forward.

Description of Respondents

Because the term "ERM" is used often but isn't necessarily understood by everyone in the same way, we provided respondents the following definition of enterprise risk management, which is the definition included in COSO's 2004 Enterprise Risk Management--Integrated Framework:

"Enterprise risk management is a process, effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives."

The largest category of respondents is head of internal audit (37%), followed by chief financial officer (CFO) at 23%. Other respondents include the head of risk management or chief risk officer (12%), controller (10%), member of the board of directors (6%), and numerous other executive positions. …
