This is “Enterprise Risk Management: The Board’s New Tool”, section 6.7 from the book Governing Corporations (v. 1.0).
This book is licensed under a Creative Commons by-nc-sa 3.0 license. See the license for more details, but that basically means you can share this book as long as you credit the author (but see below), don't make money from it, and do make it available to everyone else under the same terms.
This content was accessible as of December 29, 2012, and it was downloaded then by Andy Schmitz in an effort to preserve the availability of this book.
Normally, the author and publisher would be credited here. However, the publisher has asked for the customary Creative Commons attribution to the original publisher, authors, title, and book URI to be removed. Additionally, per the publisher's request, their name has been removed in some passages. More information is available on this project's attribution page.
For more information on the source of this book, or why it is available for free, please see the project's home page. You can browse or download additional books there. You may also download a PDF copy of this book (527 KB) or just this chapter (86 KB), suitable for printing or most e-readers, or a .zip file containing this book's HTML files (for use in a web browser offline).
Whereas traditional risk managementA traditional approach that focuses on protecting a company’s tangible assets and the related contractual rights and obligations. approaches focus on protecting a company’s tangible assets and the related contractual rights and obligations, the scope of a new approach called Enterprise Risk Management (ERM)A risk management approach that is more structured and strategic than traditional risk management. ERM is aimed at enhancing and protecting a company’s tangible and intangible assets on an enterprise-wide basis. is much broader. ERM, discussed in greater detail in Chapter 14 "Appendix C: Enterprise Risk Management: Ask the Board ", is more than crisis management or regulatory compliance. It is a tangible and structured approach to addressing organizational and financial risk. It is strategic in focus, aimed at enhancing and protecting a company’s tangible and intangible assets on an enterprise-wide basis. Its basic premise is that uncertainty presents both risk and opportunity, with the potential to erode or enhance value. Value is maximized when management sets strategy and objectives to strike an optimal balance between growth and return goals and related risks, and efficiently and effectively deploys resources in pursuit of the entity’s objectives.For a more detailed discussion of this subject, see Waller, Lansden, Dortch, and Davis (2005) and Chapter 14 "Appendix C: Enterprise Risk Management: Ask the Board ".
Although the management of a company is ultimately responsible for a company’s risk management, the board of directors must understand the risks facing the company and oversee the risk-management process. Best practice suggests that board committees should incorporate risk management into their charters. A company’s governance and nominating committee, for example, can ensure that the company is prepared to deal with risks and crises by evaluating the individual capabilities of the directors, nominating directors with crisis-management experience, and considering the time each director and nominee has to devote to the company. The governance and nominating committee should also work with management to establish an orientation program for new directors and succession plans for key executive officers.
More commonly, however, corporate governance guidelines delegate the responsibility for risk management to the audit committee. Alternatively, a company may appoint a risk-management officer, form a risk-management committee, or assign responsibility to a finance or compliance committee of the board. The responsible committee or group should meet regularly with the company’s internal auditor, the chief financial officer, the general counsel, and the head of compliance and individual business units to discuss specific risks and assess the effectiveness of the company’s risk-management systems.