When you first think of risk management you think of having control, problems that may occur, or problems you can prevent from occurring. Risk management is a popular term and is very important when planning for a business. As an accountant, you always want to be very aware and alert.
Given the economic landscape of the past years, a company’s business model is challenged constantly by competitors and events that could give rise to substantial risks (Byrnes, Williams, Kamat, & Gopalakrishnan, 2012). Not being aware of the business and risks that may take action can be a major loss for an organization. Most organizations have begun to realize how important it is to a risk management program especially with all the new technology and high turnovers many businesses are having. Not only has risk management been widely affective in many organizations but the United States Securities & Exchange Commission (SEC) also has authorized it ). In 2009, the SEC passed Rule 33-9089, which mandated risk oversight by company boards of directors (Gates, Nicolas, & Walker, 2012).
As many of us now are working in firms or other entities, we always have questions and are looking for answers right away. A great process to look toward would be enterprise risk management also known as ERM for short. This can get you answers to many of your questions. ERM is define as a process, effected by an entity’s board of directors, management and other personnel, applied in strategy-setting and across the enterprise, designed to identify potential events that may affect the entity, and the manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives (ucop. edu). This is such a broad definition but has so much meaning and concepts.
Some concepts of ERM are:1. Ongoing and flowing process through an entity. 2. Effected by all people in the organization, no matter their level. 3. Applied in strategy setting.
4. Applied across all entities at every level and unit. 5. Designed and set up to notice potential situations that is affecting the entity, and also manages the risk within the organization. 6.
Willing and able to provide answers to the entity’s management and entity’s board. ERM is not only the answers to many firms but is also the risk management process supported by the Securities & Exchange Commission and also other influential names out in the business world such as foreign stock exchange regulations, legal court cases or even standard & poor’s decision. Companies are definitely being pressured to identify and manage their risks. The ERM is about establishing the oversight, having control and discipline to have continuously improvement of an entity’s risk management abilities.
ERM is required to meet regulatory requirements but is definitely required to meet the best practice in organizations to remain competitive in today’s environment (baxterbruce). Although implementing and inserting ERM can be challenging, it still has a bright side to it and that it can increase your business performance and provide real benefits for the company. ERM shows a combine view of risk within the company and is design to help with the specific needs of each company. With companies that already has implemented the ERM is getting the full affect.
As we have learn having a risk management program is very importance and is steady growing, but there are many organizations that still question the use of ERM and the purpose or value it actually provide. As required by the SEC, many have carried out their risk oversight duties but have not seen any changes or improvements. Seeing that there were still many questions and concerns about ERM, Gates, Nicolas, and Walkers which are all CPAs designed a survey of corporate ERM practices to actually study the practical value side of ERM. The survey was designed to address seven hypotheses about ERM to help many people with their concerns, and they were: objective setting, risk identification, risk reaction, oversight, information and communication, internal environment, management, and performance. The surveys also had asked and included the four control variables; the revenue, business control, country, and the ERM stage. So there were 1,000 surveys to send the audit and risk management executives.
Once these hypotheses were tested, the results showed many advantages for the use of ERM. All seven hypotheses were supported. Hypothesis one was tested and proven right, it verified that organizations that actually take the time to line up their objectives along with their risks are better at seeing the potential risk. Hypothesis two was also supported in the surveys.
It was stated and confirmed that firms will know how to react to risks if they have already did their research and identified them. By doing this, it will make it easier on a firms. If problems occur, firms are able to come up with many strategies to handle them. With hypothesis three the firm have established objectives, stated the risks, developed a reaction, and now they can control activities and monitoring procedures. This “oversight” phase is typically the policies and procedures the company uses to manage and monitor the risk.
Hypothesis three and four supports each other. As the oversight improves policies and procedures, hypothesis four “information and communication” improves. With using the correct policies and procedures, it allows better communication to flow throughout the company. The management teams and employees will be better informed about the risk.
This hypothesis now links to the fifth hypotheses. With good information and communication you will definitely have a good internal environment. A good internal environment entails a very clear and define mission and vision stated, job descriptions, and ways to available risk information. You always want to manage a good internal environment to receive better and more services from clients.
The first five hypothesis help lead up to the sixth hypothesis, with improved internal environment managers will be able to make much better decisions for their employees and also as a manager whole themselves accountable. As a manager, you should want the best for your employees by making sure they are following correct procedures. Finally, the seventh hypothesis stated with better management you will have a better performance. When everyone is working hard together by following policies and procedures and communicating well, you will see a better performance. Overall the survey indicates that ERM is very effective when properly implemented.
However, the expense side of ERM is very expensive but is worth it. With the positive results of this survey, it should offer and encourage others who are thinking of trying ERM. After these results are viewed and showed, the value of implementing an ERM process can be seen as improved management and improved performance. In other words, having an ERM process makes management better for your organization.
It can lead to a better management style, better decision making, and holding managers more accountable. As we just learned the implementation of an ERM program also has implication for accountants. The framework for ERM was released by the Committee of Sponsoring Organizations (COSO) where the internal auditors were offering consulting services. Having an internal auditor that actually engages in ERM can definitely bring value to the organization; however there is also risk that it can lead to as well. I think the risk would be the auditor may get too involve in the ERM process and the auditor may record properly by not focusing on the risk procedures.
Auditors have to be very careful to no get too involved in the ERM process. All auditors have to effectively evaluate an organization. Here are just a few benefits you will receive from implementing ERM:1. You will receive consistent and responses to all risk. 2.
Allows you (your company) to react quickly to risk. 3. Gives your company the advantage to take a longer term outlook on risk. 4.
Allows the decision making to actually be based on a clear and better understanding of the risks. 5. Involves proactive risk management, as opposed to reactive risk control (baxterbruce). 6.
Gives you a much greater awareness between risk and returnRisk management is very important to any organization not only CPA firms. You can found risk in an entire firm to an individual auditor. When dealing with risks you must identified properly and handled all risk with care so there want be any other major issues or concerns to occur. Risk Management is steady growing worldwide and requires training and attentiveness. Being a CEO or CFO or in higher management, you will find that this can be very overwhelming and stressful when dealing with risk management. Our 2015 Global Risk Management survey had responses from over 1,400 risk management professionals in over 60 countries, it shows how different companies handling the new risks but differing on how they rank and how best to address them (aon).
Companies were being threatened and many companies’ reputation and well as business leaders was being validated. It is the CFO job and responsibility to make sure that all their managers are getting proper training and it is also their job to make sure that certain risk management activities are in place. You have to start within, and that is with most things in life. You have to make sure your inside in good better dealing with the outside.
With that being said make sure your managers and employees as well as yourself are following the correct policies and procedures and make sure you have good internal control. As hypothesis seven states you want to see and have good performance. At first risk management can be discouraging for many organizations but after doing my research, studies have shown many advantages the ERM system have. This system could possibly save you headache, time, and money late on. Furthermore, some forms of the ERM are a requirement for the SEC now, to make sure everything is carried out and reported correctly.
The framework ERM systems definitely have some values and advantages to offer each firm. Just like any other system the ERM should be evaluated and check periodically to ensure it stays effective for assessing risk. As we all is aware, things does change and by checking it, it’ll help stay up to date. Risk management is something that will never end as problems and threats will always arise and it is totally up to the organization how to handle them or carry the right systems that will actually help them prepare for problems that may occur. As I stated above, ERM can be valuable to any organization.
After doing my research I would strongly encourage all organization to get the ERM to help monitor your business. In order to have your employees following the policies and procedures, your managers need to be great role models for them as well as your company. ERM helps with the controls on the inside to help you as an individual and company have a great performance.