Chapter 1

Introduction: Enterprise Risk Management Today

Well-recognized or mandated standards are important for effective enterprise governance and management. Compliance with these standards allows an enterprise to demonstrate that it follows best practices and meets regulatory requirements. For example, an enterprise's financial statements are audited by an external audit firm to determine whether they are consistent with generally accepted accounting principles (GAAP) in the United States or are fairly stated under international financial reporting standards (IFRS). This financial audit process applies to virtually all enterprises worldwide, regardless of their size or structure. Investors and lenders want an external party, an independent auditor, to examine the financial records and attest whether they are fairly stated. To attest to those financial statements, the same auditor must also determine that adequate internal controls surround all significant financial transactions.

Internal controls cover many areas of enterprise operations. A common example is a separation-of-duties control: the person who prepares a check for payment to an outside party should not be the same person who approves that check for release. Two independent people should be involved whenever a check takes cash out of the enterprise. This is a widely recognized internal control, and many others address similar situations where one person ...

Source: COSO Enterprise Risk Management: Establishing Effective Governance, Risk, and Compliance (GRC) Processes, 2nd Edition.