Reducing Risk - "How to Eat an Elephant: What Boards and Audit Committees should know…"
Enterprise Risk Management (ERM)
• Based on pervasive risk
• Companies effectively manage risk by leveraging and integrating risk management activities
• Responsibilities and accountabilities are deployed throughout the organization.
Strategic Dimension of Enterprise Risk Management (ERM) for Audit Committees
• Organizational structure
• Strategic relationships
• Business partnerships
• Business process improvement
• Information systems
Audit committees can generate value by:
• Staying focused on the objectives of Enterprise Risk Management
• Enterprise Risk Management is a journey
• Develop risk awareness (financial risk, operational risk, compliance risk)
• Understand your company's risk assessment approach
• Risk management
• Deploy risk management responsibility into staff roles
• Establish metrics to monitor risk management effectiveness
There are also strategic dimensions of Enterprise Risk Management (ERM):
• organizational structure
• strategic relationships and business partnerships
• the company's underlying business processes and information systems
Our Business Process Improvement services cover:
• Business Process Diagnostic
• Business Process Integration
• Financial Analysis
• System Implementation Support
• Project Management Office
• KPI/Balanced Scorecard
As one of the Best Places to Work in NJ, Amper is one of the largest independent CPA, accounting, tax preparation, and auditing firms in the New Jersey, Pennsylvania and New York region.
By Dan Schroeder
The concept of Enterprise Risk Management ("ERM") is becoming a common topic with boards and audit committees. Many companies are actively deploying a more complete approach to managing risk under one large umbrella. ERM is based on the recognition that risk is pervasive, and that companies can more effectively and efficiently manage risk by leveraging and integrating risk management activities, and by deploying responsibilities and accountabilities throughout the organization. Moreover, it is becoming a recognized axiom that there is a direct correlation between effective business process and financial management techniques and effective risk management (i.e., ineffective business processes yield high risks).
Audit committees should be able to generate real value for their companies by:
- Staying focused on the fundamental objectives and purpose associated with ERM.
- Recognizing that ERM is a journey, not a destination:
  - Chances are your company is already practicing many aspects of ERM.
  - ERM can be deployed over time without substantial investments.
  - ERM investments should provide a healthy return in the form of risk events avoided and improved efficiency and effectiveness of business processes.
- Developing risk awareness and consciousness at the audit committee. Understand your industry and how your business creates risk (financial, operational, compliance, reputation, etc.).
- Understanding whether your company has an approach to continuously assess and mitigate risks.
- Providing leadership to raise awareness of risk management and relate it to the advancement of the company's mission and objectives.
- Deploying responsibility and accountability for risk management into line and staff roles, including:
  - Continuous risk assessment (tied to change control)
  - Continuous monitoring
  - Continuous improvement of controls
- Establishing metrics to monitor risk management effectiveness, and following through regularly to reinforce accountability and reinforce success.
The above are examples of practical tactics the audit committee can adopt immediately. Certainly, there are also strategic dimensions of ERM that the audit committee needs to eventually address. These include organizational structure, strategic relationships and business partnerships, and the company's underlying business processes and information systems.