There are some things you learn best in calm, and some in storm.
—Willa Sibert Cather
Enterprise risk management (ERM) is a discipline that allows management to judge total business risk. Diverse audiences are interested in monitoring the firm’s enterprise risks: the internal audiences—the board of directors, management, and employees—and the external participants—investors, vendors, and rating agencies. The ERM process can help the firm avoid or weather a powerful category five storm if the appropriate quantitative modeling is in place and management’s qualitative reasoning prevails.
ERM reporting and disclosure provides the forum to discuss the key vulnerabilities and risks of the firm and strengthens management accountability. It cannot provide management with good business sense, for executives need to determine what makes their business unique and establish comprehensive guidelines within which all in the firm operate. Transparency is important to ERM disclosure, as business managers, senior managers, and the board of directors (referred to as the board) need to track exposures and discuss these regularly. Without transparency and disclosure, a firm lacks the information to make important risk decisions.
Instituting full ERM systems can ...