Information Management And Future Of Governance
Enterprise Risk Management
Corporations are rethinking their strategies for managing risk in the future in order to comply effectively with the Sarbanes Oxley Act. Increasingly, companies are implementing Enterprise Risk Management Systems and employing Chief Risk Officers to govern their strategies for risk across the enterprise. Companies no longer want to be taken by surprise and incur losses when they are hit by unexpected events. They now realize that their ability to manage risks depends on anticipating risks, detecting them more effectively by looking at them in all their interdependence, and fortifying their systems to withstand shocks. Some of the more sophisticated corporations, such as Microsoft and Boeing, implemented such systems in the past, independent of regulatory policy, while other companies are following in their steps under pressure from new laws such as Sarbanes Oxley, Basel II, etc. A recent survey indicates that 50% of financial executives believe that they integrate their SOX compliance with Enterprise Risk Management. This best practice has been spelled out, in all its details, in the seminal document of the Committee of Sponsoring Organizations of the Treadway Commission on the subject.
The conceptual breakthrough that undergirds the new approach to risk management is the realization that business risk, financial risk and operational risk feed on each other and compound the impact of any one type of shock to a company. Operational risk, such as fraud in the company, can create a liquidity crisis for the company. Similarly, business risk, such as loss of intellectual property from outsourcing of business processes overseas, could lead to bankruptcy of a company. The vulnerability of companies has increased with the growing reliance on sophisticated financial instruments, an extended enterprise and information technologies. Increasingly, companies realize that they need to create a culture in which employees at all levels respond to unnoticed sources of risk in any corner of the enterprise and communicate them to the rest of the organization. This is facilitated by Enterprise Risk Dashboards, which help to communicate potential threats to the company and galvanize organizations to react rapidly before a crisis goes out of control.
An example of enterprise-wide management of risks is the case of TriQuint Semiconductor Inc., a Hillsboro, Ore.-based supplier of communications components and modules. As part of its compliance effort, TriQuint is conducting a risk assessment of all the business processes that affect its balance sheet and income statement. That evaluation is helping the company uncover latent risk across all five of its divisions. TriQuint's combined Sarbanes-Oxley and ERM efforts have helped it to gain insight into risks in the businesses it acquires. Typically, mergers fail when the cultures of two different companies clash. TriQuint has made several acquisitions in recent years, and some of those businesses have operations outside the United States. The company has been able to identify and discuss the risks new acquisitions face, including exposures related to specific cultural and regulatory environments.
Sarbanes Oxley ensures that senior executives have greater responsibility as well as the means to meet it. Thus, the directors of boards of companies will have direct access to company information, and their committees will have independent oversight over important matters such as executive compensation, selection of auditors and governance policy. In turn, the directors will have greater exposure to liability for any negligence in the management of companies. Similarly, chief executives will now be responsible not only for the strategic direction of the company but also for its operational effectiveness. Their hands will be strengthened by additional support they will receive from the board of directors for strategic planning. In addition, they will also receive much more detailed information about their companies than was possible in the past.
Sarbanes Oxley provides for checks and balances that were not available in the past. Whistleblowers will now have greater protection of the law as well as the opportunity to report fraud in their companies. Similarly, the auditors of companies have to report to the independent audit committees.
Above all, Sarbanes Oxley seeks to make companies more transparent and vigilant by requiring the reporting of all their operational risks as well as the internal controls put in place to monitor them. Any material change in the monitoring of risks has to be reported to the shareholders in real time.
Overall, Sarbanes Oxley seeks to focus the attention of companies on fortifying themselves by anticipating risks all across the enterprise and taking preemptive action to guard against the damage that they could wreak. The bedrock of this model of governance would be the business intelligence infrastructure that will help companies to receive information. This information will be more widely shared among the executives, shareholders and the board of directors. All the stakeholders in the company will have both the opportunity and the resources to put their minds together to manage their companies effectively.