Fear Factor

Sarbanes-Oxley offers one more reason to tackle enterprise risk management.

Perhaps another reason for resistance is the complex nature of ascribing dollar values to risks like customer loyalty or corporate reputation. “Not all risks are strictly mathematically calculable,” explains Senko. “ERM has created this sense of exactitude that just doesn’t exist. There is still some art and judgment involved in quantifying risk.”

Still, observers argue there is tremendous value in the process. “Smart CFOs know that their jobs call upon them to do two things — protect what they have and create more of what they have,” adds Terzuoli. “Risk scorecards, matrixes, and ERM offer a proactive way to manage risk as a source of competitive advantage. And they reduce risk as a way of preserving assets. While the stick may be Sarbanes-Oxley, the carrot is good common sense.”

Not only do companies forge a methodology for reporting potential surprises, this structure forces communication across functional lines. And arguably more important, accountability for risk is explicitly stated and monitored.

“When a risk event occurs,” says Senko, “you want someone to step up, take responsibility for it, and take immediate action to manage or mitigate that risk. Wading through layers of corporate approvals would be disastrous.”

Best of all, ERM is shareholder-friendly. “Perhaps the most important benefit from the whole process is a reduced gap between the knowledge an investor has about the company and the true risks embedded in that company,” says Terzuoli. “That gap will be smaller than ever before.”

RM Versus ERM
…the essential differences
Traditional Risk Management Enterprise Risk Management
Risk as individual hazards Risk in the context of business strategy
Risk identification and assessment Risk “portfolio” development
Focus on all risks Focus on critical risks
Risk mitigation Risk optimization
Risk limits Risk strategy
Risks with no owners Defined risk responsibilities
Haphazard risk quantification Monitoring and measurement
Risk is not my responsibility Risk is everyone’s responsibility
Source: KPMG

Discuss

Your email address will not be published. Required fields are marked *