Enterprise Risk Management (Portfolio 5303)

This Portfolio, Enterprise Risk Management, analyzes a methodology that companies of all sizes can adopt to identify, assess, and manage risk. Companies increasingly operate in a volatile business environment. Accordingly, managing risk must take an enterprise-wide perspective, focusing on strategic, operational, and financial risks in addition to the traditional attention to hazard risk. While enterprise risk management is not a mathematical exercise, the measurement of risk is important. The Portfolio examines various assessment approaches, from qualitative to quantitative. The Portfolio discusses how enterprise risk management can be integrated with other management initiatives such as strategic planning, merger and acquisition evaluations, the balanced scorecard, budgeting, internal auditing, crisis management, and corporate governance.
Other Portfolios in the Accounting Policy and Practice Series separately analyze these other initiatives. The Sarbanes-Oxley Act created new requirements for risk management disclosures related to financial reporting. In addition, the Securities and Exchange Commission has required registrants to disclose more information on risk factors of their business. The Portfolio discusses these and other regulatory requirements and how companies can employ ERM in complying with them. Enterprise risk management is not merely a United States phenomenon; companies in other countries are advanced in their implementation of it. The Portfolio examines the regulatory requirements and disclosures for a number of these countries.

William G. Shenkir, B.B.A., Texas A&M University; M.B.A., Ph.D., University of Texas at Austin; CPA Texas; Member: American Institute of Certified Public Accountants, American Accounting Association. Former technical advisor and project director for Financial Accounting Standards Board; Former Dean of the McIntire School of Commerce; Past President of the American Assembly of Collegiate Schools of Business. Contributor to more than 50 journal articles; more than 100 presentations before professional and academic groups; edited or co-authored seven books. Former member Board of Directors of Dominion BankShares Corp. and First Union National Bank-Mid-Atlantic Region; currently serving on Board of Directors of ComSonics, Inc.

Paul L. Walker, B.B.A., University of Texas—Arlington; Ph.D., University of Colorado—Boulder; Member: American Institute of Certified Public Accountants, AICPA Risk Task Force, American Accounting Association. Advisor and Consultant on Enterprise Risk Management (ERM) to: Committee of Sponsoring Organizations and other organizations. Coauthor of ERM books: Making Enterprise Risk Management Pay Off: How Leading Companies Implement Risk Management and Enterprise Risk Management, Pulling It All Together.


I. Introduction, Background, and Scope of Portfolio

A. General

B. From Silos to Integrated Risk Management

1. Traditional Approach

2. Emergence of a New Paradigm

3. COSO Framework

C. Risk and Enterprise Risk Management Defined

D. General Classification of Risk

E. Growing Importance of Enterprise Risk Management

F. Scope and Contents of Portfolio

II. Foundational Elements of Enterprise Risk Management

A. Introduction

B. Establishing the Context

1. Tone at the Top

2. Risk Philosophy and Appetite

3. Integrity and Ethical Values

4. Establishing Risk Infrastructure

C. Objective Setting

1. Importance

2. Key Questions

3. Risk Appetite

D. Risk Identification

1. Brainstorming

2. Interviews and Self-Assessment

3. Facilitated Workshops

4. SWOT Analysis

5. Risk Questionnaires

6. Risk Frameworks and Loss Event Data

7. Technology

8. Scenario Analysis

9. Other Techniques

E. Risk Assessment

1. Risk Maps

2. Quantitative Assessments

3. Inherent and Residual Risks

F. Risk Response or Risk Treatment

1. Avoid

2. Reduce

3. Share

4. Accept

5. Using a Risk Map to Illustrate the Effect of Treatment Options

G. Control Activities

H. Communication and Monitoring

1. Communication

2. Monitoring

III. Risk Measurement

A. Importance of Measuring Risk

1. Company Perspectives

2. Examples

B. Risk Awareness

C. Methods of Measuring Risk

1. Qualitative Versus Quantitative

2. Risk Assessment

3. Impact and Probability

4. Risk Maps

a. Relationships to Other Techniques

b. Advantages

c. Limitations

5. Tornado Charts

6. Gain/Loss Curves

7. Aggregated Risk Adjusted Revenues

8. Operational Risk Assessment and Measurement

a. Net Present Value

b. Measuring Progress

9. Probabilistic Models

D. A Return to Strategy and Objectives

E. Limitations of Risk Measurement

IV. Integrating Enterprise Risk Management With Ongoing Management Activities

A. Importance of the Integration Process

B. Linking Enterprise Risk Management and Strategic Planning

1. Examples of Strategic Risks

a. Industry Margin Squeeze

b. Technology Shift

c. Brand Erosion

d. One-of-a-Kind Competitor

e. Customer Priority Shift

f. New-Project Failure

g. Market Stagnation

2. Incorporating Enterprise Risk Management Into the Merger and Acquisition Process

3. Identifying Strategic Risks

C. Linking Enterprise Risk Management to the Balanced Scorecard (BSC)

1. Basic Balanced Scorecard

2. Linking Strategy to Measures (Metrics)

3. Integrating the Balanced Scorecard and Enterprise Risk Management

D. Linking Enterprise Risk Management to the Budgeting Process

E. Linking Enterprise Risk Management and Internal Auditing

1. Paradigm Shift in Internal Auditing

2. The Role of Internal Auditing in Enterprise Risk Management

3. Internal Audit Benefits From Enterprise Risk Management

F. Linking Enterprise Risk Management With Crisis Management or Business Continuity Planning

1. Defining Crisis

2. Crisis Escalation

3. Preparing for a Crisis

a. Avoiding the Crisis

b. Preparing to Manage the Crisis

c. Recognizing the Crisis

d. Containing the Crisis

e. Resolving the Crisis

f. Profiting From the Crisis

G. Linking Enterprise Risk Management With Corporate Governance

1. Enterprise Risk Management Improves Corporate Governance

2. Board Responsibility for Enterprise Risk Management

3. Other Enterprise Risk Management Contributions

V. Enterprise Risk Management and Regulatory Requirements

A. Introduction

B. The Sarbanes-Oxley Act

1. Section 302 of Title III and "Disclosure Controls and Procedures"

a. Disclosure Controls and a Chief Risk Officer

b. Disclosure Controls and Operational and Regulatory Risk

2. Section 409 of Title IV

3. Section 404 of Title IV

C. The Public Company Accounting Oversight Board (PCAOB) and Auditing Standards

1. Risk Assessment Component

2. Control Environment Component

D. New York Stock Exchange Requirements

E. Securities and Exchange Commission Registrant Risk Disclosures

1. Proxy Statement Disclosures Regarding Board Responsibility for Risk

2. Management's Discussion and Analysis and Risk Related Disclosures

3. Risk Disclosures for Securities and Exchange Commission Registrants

F. Applicability of Risk Regulations and Disclosures to Non-Securities and Exchange Registrants and Non-Profit Organizations

G. Conclusion

VI. International Frameworks and Regulations Related to Enterprise Risk Management

A. Relevant International Initiatives

B. United Kingdom

1. The Combined Code on Corporate Governance

2. Turnbull Guidance

3. Turnbull Guidance: Maintaining a Sound System of Internal Control

4. Turnbull Guidance: Reviewing the Effectiveness of Internal Control

5. Turnbull Guidance: The Board's Statement on Internal Control

6. Turnbull Appendix: Assessing the Effectiveness of the Company's Risk and Control Processes

7. A Comparison of Turnbull and COSO

8. Sample Annual Report Using the Combined Code and Turnbull Guidance

C. European Union (EU) 8th Directive

D. South Africa

E. Australia

1. Australian Stock Exchange Requirements

2. Australia/New Zealand Standard on Risk Management

3. Australian Disclosure Examples

4. Audit and Risk Committee Charter

5. Risk Management Policy Disclosures

6. Survey of Australian Risk Disclosures

VII. Assessing Enterprise Risk Management in a Globally Competitive Market

A. Perspectives

B. Global Investors' Views on Risks

C. Satisfaction With Enterprise Risk Management Team

D. Model of Enterprise Risk Management Maturity

E. Assessing the Enterprise Risk Management Process

Worksheet 1 COSO Enterprise Risk Management Framework

Worksheet 2 COSO Enterprise Risk Components

Worksheet 3 Treasury Board of Canada Secretariat-Risk Management Process and Related Activities

Worksheet 4 Australia/New Zealand Standard-Risk Management Process-Overview

Worksheet 5 Risk Identification Techniques

Worksheet 6 Risk Identification Templates

Worksheet 7 Business Risk Model™ - A Common Language

Worksheet 8 Industry Risk Portfolio

Worksheet 9 Risk Map (Example 1)

Worksheet 10 Risk Map (Example 2)

Worksheet 11 Risk Map (Example 3)

Worksheet 12 E-Business Risk Map (Example 4)

Worksheet 13 Risk Map (Example 5)

Worksheet 14 Qualitative and Quantitative Approaches to Assessment and Measurement

Worksheet 15 Brainstorming Output

Worksheet 16 Functional Risk Assessment Summary

Worksheet 17 Aggregating Risks

Worksheet 18 Earnings Variability by Key Factor

Worksheet 19 Gain/Loss Probability Curve

Worksheet 20 Actual Versus Risk Corrected Revenues

Worksheet 21 Portfolio Analysis at the Product Level Identifies the Risk for All Supply Sources for Each Marketed Product

Worksheet 22 Mean PV Loss by the Supply Base

Worksheet 23 Modeling the Value of Each Investment Option in Mitigating Loss Identified the Highest NPV

Worksheet 24 ID Bottom Line Contribution Inventory Turns (Fictional Data)

Worksheet 25 Determining the Risk - Where's the Volatility? (Fictional Data)

Worksheet 26 Earnings at Risk by Risk Factor (Fictional Data)

Worksheet 27 Expected Earnings and EaR for Budget Year 2000 (Fictional Data)

Worksheet 28 Probability Assessment of Earnings Outcomes (Fictional Data)

Worksheet 29 Risk by Objective

Worksheet 30 Strategic Risk and Countermeasure Summary

Worksheet 31 Risk Management in Acquisitions

Worksheet 32 Balanced Scorecard (BSC)

Worksheet 33 Linking Measurement to Strategy

Worksheet 34 The Balanced Scorecard Defines a Strategy's Cause-and-Effect Relationships

Worksheet 35 Balanced Scorecard and Strategic Risk Assessment

Worksheet 36 Make Strategy and Enterprise Risk Management a Continual Process

Worksheet 37 Risk/Crisis Acceleration

Worksheet 38 Critical Incident Management

Worksheet 39 Example Certifications Required by the SEC

Worksheet 40 IBM's Disclosure Control and Procedures Statement

Worksheet 41 Call for Risk Assessment by IBM Shareholder

Worksheet 42 Canada Post Corporation: Risks and Materiality

Worksheet 43 IBM Management's Report on Internal Control

Worksheet 44 Microsoft's Auditor's Opinion

Worksheet 45 COSO's Internal Control Integrated Framework

Worksheet 46 Voluntary Risk Disclosures by Tollgrade

Worksheet 47 Item 1A Hewlett-Packard Risk Factor Disclosures

Worksheet 48 Risk Disclosures in the United Kingdom

Worksheet 49 Auditor's Report in the United Kingdom

Worksheet 50 Risk Committee Disclosure in South Africa

Worksheet 51 Governance and Risk Disclosure in Australia

Worksheet 52 Risk Committee Charter

Worksheet 53 Risk Management Policy

Worksheet 54 Business Week's Risky Business Score

Worksheet 55 Enterprise Risk Management Disclosure Checklist

Worksheet 56 Enterprise Risk Management Questions Board Members Should Ask of Senior Management

Worksheet 57 Risk Committee Feedback Questionnaire

Worksheet 58 Enterprise Risk Management Maturity Model

Worksheet 59 Enterprise Risk Management Assessment Process



