ENTERPRISE RISK MANAGEMENT
Sarbanes-Oxley
 

Sarbanes-Oxley (SOX), SEC oversight, and best practices highlight the need for public corporations to be concerned about risk management, governance, and controls. The Board of Directors must document that the enterprise strategy and operations anticipate events that create uncertainty and business disruption. SOX-defined Audit Committee responsibilities include ensuring structures for risk identification and mitigation. This structure is the process of Enterprise Risk Management (ERM) and includes the following:

  • Identify portfolio of risks, highlight systemic critical risks - low frequency high impact events
  • Quantify:
    • Potential for business disruption and
    • Risk tolerance
  • Respond to reduce risks
  • Monitor compliance with risk minimization strategies
  • Control cost of risk
  • Improve shareholder value

ERM is an integrated risk management solution aligning strategy, people, processes and technology for the protection of the enterprise and its shareholders. It includes pre-event, post-event and contingency planning.

ERM is dynamic and, in the context of the enterprise’s strategic direction, includes action plans that form the central link between risk identification and ongoing active management of risks. Such plans are periodically reviewed to ensure they remain appropriate to changes in the environment and the enterprise, and they become a core responsibility of line, business and corporate managers.

The corporate risk function assures that appropriate resources are being allocated to the set of solutions identified.

The process for developing an ERM system:

  • Examine the entire enterprise portfolio of risks, including financial, strategic, regulatory, hazard and operational
  • Develop recommendations to manage and balance risks
  • Monitor changes in the environment and the enterprise

Risks are typically classified into 3 aspects and examples are described below:

3 aspects of risks

and more ...

The work steps include:

  • Risk identification, classification and database construction
  • Quantification of risk, statistical expected value (e.g., number of overheated laptop batteries), and potential impact
  • Development of:
    • Action plans for risk mitigation
    • Key Risk Indicators (KRIs)
    • Management processes for KRIs
    • Risk Reporting – format to ensure appropriate and timely risk response
    • Implementation planning
    • Adjustments for environmental and enterprise changes

The alternative to ERM, crisis management, is much more expensive and exposes the personal liability and assets of members of the board.

 
     
 

 

Telephone:  (914) 261-8240

 
     

Created by Kaufman Web Consulting, LLC 2005 ~ All rights reserved.