Chapter 10

Corporate Culture and Risk Portfolio Management

Any enterprise operating as a going business faces a series of different risks. Approaches to managing and coping with many of these risks have been discussed in previous chapters. Chapter 5 discussed approaches for developing and implementing effective risk management processes, and this chapter looks at three important areas for implementing an effective risk management culture in an enterprise.

The chapter will first discuss help and support resources for the enterprise codes of conduct that were discussed in Chapter 5 and will review the role of whistleblower functions, both in support of Sarbanes-Oxley (SOx) requirements and as something of an escape mechanism for managing enterprise risks. A whistleblower is usually an enterprise stakeholder who sees that something is wrong—often very wrong—in an enterprise risk management process but finds that his or her direct managers are ignoring the issue, effectively telling other stakeholders to sit back and not be concerned. Enterprises need a facility that allows a stakeholder to report a problem independently and without fear of retribution. In addition, a larger enterprise should have some form of help desk facility so that a stakeholder at any level can seek further information about a rule or procedure and ask for help.

Our second but very important topic in this chapter is risk portfolio management. Any enterprise faces a wide range of different risks of various types and ...