This year's Institute of Risk Management lecture focused on messages coming from the recent World Economic Forum in Davos. I don't think attendees left filled with joy that our leaders are sure the downturn is ending anytime soon - but there were certainly some important points risk managers should take to heart.
Dr Gareth Shepherd, the speaker, made it clear that there would be closer attention to corporate governance and risk management - "not just box ticking", with world leaders personally angry with the people who brought on the economic crisis. We are already seeing measures filter through like the SEC ruling in the US.
Shepherd's advice to risk managers was to understand, even more closely, how the CFO is thinking and to "monetize" risk so that it could make it onto the board agenda and be discussed in a meaningful, standardized way. My own view is that the effectiveness of attaching a financial value to all types of risk will depend on the maturity of the board-level risk debate. If the risk and opportunity debate isn't a fixture of discussions, then putting a $ value to risks will certainly grab some attention - but when risk debate is embedded in an organization, the discussion can be more nuanced, pulling in topics like reputational risk which may be harder to monetize.
Tuesday, 2 March 2010
Tuesday, 23 February 2010
Trends in enterprise risk management to support greater transparency
In my role at STG I get to see how many organizations are rolling out risk management across their businesses. One trend that's emerging is a definite swing away from taking a specific project or division to focus on as an ERM pilot.
An increased requirement for transparency - evidenced by the recent SEC rule 33-9089 - and a need to risk-adjust business plans and forecasts to aid certainty, means that many organizations are looking at an immediate 'lite-touch', enterprise-wide risk management approach.
You could liken it to taking the pulse of the organization - rather than giving a top-to-toe examination of just one part of the business and missing the symptoms elsewhere which might kill you.
The lite-touch approach will provide an enterprise-wide health check relatively quickly, which will highlight the areas that need more focus. However, it does have implications for information sharing, buy-in and cultural change. In today's climate this seems like an infinitely sensible approach as a first step, but you will still need to follow up to join up the top-down and bottom-up to cover all levels in the organization. Only when this is done will you increase the probability of detecting emerging risks.
Labels: 33-9089, enterprise risk management, ERM, SEC, software, transparency