The risks the enterprises face today are not only related to the loss of revenue but also include strategic risk, environmental risk, market risk, credit risk, operational risk and compliance risk. The interest in Enterprise Risk Management (ERM) has increased in recent years. Boards must acknowledge that increased risk management rigor and structure are increasingly expected by regulators, credit rating agencies, institutional investors, customers and the courts. Managing risk well has become a key element of sustained business success.
Boards are often told of hundreds or even thousands of control deficiencies from spot in time reviews which report Top 10 or Top 20 control deficiencies drawn from the risk register rather than key business objectives that have the highest risk exposures. Many boards are grappling with the need to transition from managing risks with limited formal and visible processes and structures. The Board should demand regular reports on the current residual risk status of strategic and core business objectives.
A stove pipe control centric approach that is based on invariably disintegrated small portions of enterprise risk universe and provide disintegrated subjective opinions on control effectiveness amongst various enterprise risk professionals and often whose materiality is always questioned by the audit and risk committee will quicken the demise of an enterprise.