RISK QUOTE: I never think of the future. It comes soon enough.
—ALBERT EINSTEIN, PHYSICIST
RISK QUOTE: The lion and the calf shall lie down together, but the calf won’t get much sleep.
—WOODY ALLEN, WRITER/ACTOR/DIRECTOR/PRODUCER
The Sarbanes-Oxley Act of 2002 (SARBOX) established new standards for corporate governance, internal control assessment, and financial disclosure. It required new controls for managing and reporting risk. The Act is a driver for enterprise risk management (ERM) but is not the same as ERM; it is a subset, and a relatively small subset at that. In this chapter, we cover the basic tenets of the Act but do not place them within an ERM structure.
The goal of the Act is “to protect investors by improving the accuracy and reliability of corporate disclosures.” The board of directors is responsible for achieving this goal by developing new risk management processes for compliance and setting new standards for risk management in governance.
Not all boards have to comply with the requirements of Sarbanes-Oxley. The Act regulates U.S. companies that issue securities to the public under the U.S. Securities Act of 1933 and non