• Home
• Site Map
• Privacy

About the Author

Steven Minsky, LogicManager CEO, highlights the differences between Compliance and true Enterprise Risk Management, which most importantly is about helping something to happen - not preventing something from happening. Steven's blog helps you think about risk in a new way and how to benefit practically from this rapidly evolving new field.

• Blog
• Events
• News
• Webinars

New Era of Risk Management

S&P Issues Risk Management Progress Report

Standard and Poor’s published their progress report on their integration of Enterprise Risk Management analysis into their non-financial corporate credit ratings evaluations. In observing company performance during the ongoing economic and financial difficulties, S&P has noted that effective or ineffective risk management is often cited as the root of success or failure.

This is in sync with the recent announcements by the SEC and other regulators to extend their risk management disclosure requirements to focus on the gap between executive management and their front-line of managers. The consensus is clear, that companies need an ERM infrastructure to manage tolerances for risks within each process area that may materially impact to the organization and to disclose how compensation policy has changed from paying for activities to rewarding risk management competency.

Further evidence that an ERM infrastructure is needed can be found in the RIMS State of ERM Report. It states that organizations that have built their ERM infrastructures using the 25 competency drivers in the RIMS Risk Maturity Model for ERM were proven to have higher credit ratings and better business performance than those who did not.

If you want to learn how to put an ERM infrastructure in place or improve your current ERM Program to increase your risk management competency simply and practically, use the complimentary RIMS Maturity Model for ERM that can be downloaded at www.rims.org/rmm. This resource uses an ERM assessment technique to help you to identify the gaps versus best practice in your current risk management efforts and then provides a report with specific and actionable steps based on your answers of what to do next to improve.

The key findings released by Standard & Poor’s as a result of their enterprise risk management evaluations with companies reinforces the need to take action.

• Most companies are unable to provide clear examples of definitions for risk tolerance or risk appetite and find it difficult to ensure uniform behavior across the enterprise.
• A majority of companies suffer from “silo-based” risk management.
• Companies with a true enterprise-wide approach to ERM appreciate the importance of going beyond only quantifiable risks or top 10 risks and understand the importance of emerging risks.
• The ERM function's reporting line is typically to the CFO or the CEO, often with a direct line of communication to the board of directors, commonly to the audit committee.
• Standard & Poor's cites a compliance-driven push toward ERM as a possible danger.

The full report can be found on Standard & Poor's website, www.erm.standardandpoors.com

Other posts

• ERM vs GRC? SEC Says No to Myopic Approach: Costly Example from Goldman Sachs
• S&P Issues Risk Management Progress Report
• SEC Proposes Accountability for ERM at the Board Level
• Wake-up Call for an ERM Approach to Business Continuity
• New Congressional Report: A Call to Action for ERM Regulation
• Evidence links ERM directly to improved business performance
• Risk Management: Evolve or Step Aside
• Global Warming: What does it mean to your bottom line?
• The Institute of Internal Auditors: A champion of ERM
• New Audit Standard For Financial Reporting
• Information Security and Enterprise Risk Management
• Amaranth Advisors revealed; The Emperor has no clothes
• The Power of Expert Opinion: A Lesson in Risk Management
• BP Oil Pipeline Leak: A Cry for Enterprise Risk Management
• Risk Management: Problems with spreadsheets?