Risk Management - Treasury and Risk Management - CFO.com
But companies should be careful not to let risk and compliance become synonymous—or, more to the point, to allow IT products and services companies to co-opt the term for a narrow set of applications. Next year the Enterprise Risk Management Framework being developed by the Committee of Sponsoring Organizations (COSO) of the Treadway Commission, which is a private-sector initiative to improve financial reporting, will be released, having completed a public-comments phase last month. The framework is an ambitious attempt to clarify a process by which a company's board, senior executives, and other stakeholders can identify and manage all types of risks in the context of a company's risk appetite and overall business objectives.
While COSO stresses that in this regard ERM is much broader than regulatory compliance, it does acknowledge the critical role that effective internal controls will play. That will no doubt inspire IT companies to emphasize the efficacy of their products in assessing risks beyond noncompliance. Watch for ERM, therefore, to generate even more buzz—and confusion.
Enterprise Risk Management: Toward a Definition
* Makes each area manager responsible for documenting and evaluating financial controls in his or her own area. People closest to each business unit manage the data, which improves accuracy and completeness.
* Identifies areas with inadequate control measures so action plans can be initiated to resolve problems.
* Tracks the progress of outstanding action plans, describes who is responsible for those actions, and sets the expected time for resolution.
* Protects against fraud with systematic data management that ensures multiple reviews and verification.
* Raises the level and precision of reporting to management.
* Puts 'localized knowledge' to work. Area managers become empowered to understand the impact of their roles on corporate results.