ERM for a changing world

By Paul L. Walker, CPA, Ph.D.

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) released its new ERM framework. Here are suggestions for using the framework to maximum effect:

Check alignment. Compare your current ERM practices to the five components and 20 principles of the framework, Enterprise Risk Management — Integrating With Strategy and Performance. Your board may (and should) ask you how your organization matches up or what changes might be necessary.

Identify opportunities. Dig deep on certain principles that might add the most value and might help your organization manage risk better. For example, take a serious look at Principle 1 on board risk oversight. Has the organization or the board ever assessed how your risk oversight is set up and how it works? Board risk oversight is a principle worth doing right.

Scrutinize all that is new. Pay close attention to Principle 15, which says to identify risks in new systems, new acquisitions, new regulations, changes in compensation, new programs, etc. The biggest risks might be in any new transactions and decisions organizations make, and not necessarily in the objectives. At a minimum, it might be better to build in risk identification as part of these processes rather than waiting for a survey, interview, or annual risk assessment.

Consider strategic risk. Studies show that strategic risk is commonly the biggest value killer. Therefore, determine if you have ever applied strategic risk tools to strategic risk or if you have just categorized some risks as strategic. One way to find out is to take all of your currently identified strategic risks and categorize them according to the three strategic risk dimensions identified in the framework: risks in setting strategy, risks in strategic alignment, and risks in implementing the strategy. If all of your risks line up under one dimension, you may have a lot more work to do before you can be sure you've identified all of your strategic risks.

Challenge your strategy. Principle 8 clearly says to evaluate alternative strategies. Your strategy and the risk to that strategy should be challenged. In today's disruptive business environment, not doing so is unwise.

Look at business context. Further consider Principle 6 — evaluating business context. Does your organization identify the risks in a changing landscape? It is a principle, but it is also a smart way to run a company.

Find connections. Resolve to look for the interconnectedness of risks (Principle 14). Do you know which risks are connected and which ones might all happen at the same time? Not knowing this means you are likely under-managing the risk.

See where other principles apply. Finally, dig deeper on other principles and examine how they might apply to your organization. Principles 3, 9, 11, 12, and 17 also may be especially useful for boards. Remember that managing risk better helps you create value, and the framework is a tool to help you do that effectively.


COSO's 20 principles

1. Exercises board risk oversight

2. Establishes operating structures

3. Defines desired culture

4. Demonstrates commitment to core values

5. Attracts, develops, and retains capable individuals

6. Analyzes business context

7. Defines risk appetite

8. Evaluates alternative strategies

9. Formulates business objectives

10. Identifies risk

11. Assesses severity of risk

12. Prioritizes risks

13. Implements risk responses

14. Develops portfolio view

15. Assesses substantial change

16. Reviews risk and performance

17. Pursues improvement in enterprise risk management

18. Leverages information and technology

19. Communicates risk information

20. Reports on risk, culture, and performance


—By Paul L. Walker, CPA, Ph.D. (walkerp@stjohns.edu), James J. Schiro/Zurich Chair in Enterprise Risk Management, executive director, Center for Excellence in ERM, St. John's University. To comment on this article or to suggest an idea for another article, contact Ken Tysiac, a JofA editorial director, at Kenneth.Tysiac@aicpa-cima.com or 919-402-2112.
