THE NEWS DOMINATING the world's attention in recent years—terrorist attacks; corporate scandals; severe acute respiratory syndrome or E. coli outbreaks; natural disasters such as hurricanes, earthquakes, and tsunamis; and turbulent financial markets—has triggered a shift in corporate risk management practices. The calculation of risk has always been central to managerial decision making, but CEOs and CFOs are acutely aware of the need to deal proactively with uncertainties that can threaten their business.
With this in mind, larger firms have designated a chief risk officer (CRO), whose prime function is to make risk management a central part of the business. The CRO reports to the CFO, whereas the CFOs of smaller firms personally assume risk management responsibilities, known as enterprise risk management (ERM). Risks are often closely connected. Operational risks, for example, can quickly evolve into market risks if word gets out and the share price falls.
ENTERPRISE RISK MANAGEMENT
ERM is widely used as a way to effectively manage the complex portfolio of risks that exist across an organization. Instead of relying on a traditional, “silo-based” strategy, where each area of the organization manages its own risk, ERM adopts a broader top-down view of risks that integrates and coordinates risk oversight across the entire enterprise. An effectively implemented ERM process should provide auditors important information about the client's most significant ...