Expert answer:Enterprise Risk Management Leadership

Expert answer:Enterprise Risk Management Leadership & CultureLeadership and Culture(Minimum of 750 words for each question, this excludes the reference section at the bottom from your word count. You are also required to use a minimum of FOUR scholarly external sources references. Use proper APA guidelines, you only have to make reference to the author and year of publication in your in-text reference, but APA guidelines encourage you to also provide the page number. Failure to do so will result in an incomplete with 0 points for the question)Explain two specific enterprise risk management strategies that a Board of Directors would use to delete their responsibilities of ERM. (750 word minimum)Explain the meaning of the phrase “companies must incur risk in order to run their business and maximize returns for stakeholders.” Give two specific examples. (750 word minimum)
enterprise_risk_management_leadership___culture.docx

https___vcampbethel.blob.core.windows.net_public_courses_hrm_540_unit_2_read.pdf

Unformatted Attachment Preview

Enterprise Risk Management Leadership & Culture
Leadership and Culture
(Minimum of 750 words for each question, this excludes the reference section at the bottom from
your word count. You are also required to use a minimum of FOUR scholarly external sources
references. Use proper APA guidelines, you only have to make reference to the author and year
of publication in your in-text reference, but APA guidelines encourage you to also provide the
page number. Failure to do so will result in an incomplete with 0 points for the question)
1. Explain two specific enterprise risk management strategies that a Board of Directors would
use to delete their responsibilities of ERM. (750 word minimum)
2. Explain the meaning of the phrase “companies must incur risk in order to run their business
and maximize returns for stakeholders.” Give two specific examples. (750 word minimum)
P1: OTA/XYZ
P2: ABC
c04
JWBT177-Simkins
October 24, 2009
9:17
Printer Name: Hamilton
CHAPTER 4
The Role of the Board
of Directors and Senior
Management in Enterprise
Risk Management
D
A
BRUCE C. BRANSON
Professor of Accounting and Associate Director,
North Carolina State University
I
Enterprise Risk Management Initiative
L
Y
,
INTRODUCTION
R
The oversight of the enterprise risk management
(ERM) process employed by an
Y
organization is one of the most important and challenging functions of a corpoA senior management of the company,
ration’s board of directors. In concert with
the board must establish the appropriate “tone
N at the top” to ensure that risk and
risk management considerations remain at the forefront of strategic and operating
decisions made within the business. The 2008–2009 global financial crisis and the
rapidly deteriorating global economy has2created a context in which companies
now face risks that are more complex, more interconnected, and potentially more
6
devastating than ever before. Failure to adequately
acknowledge and effectively
manage risks associated with decisions being
7 made throughout the organization
can and often do lead to potentially catastrophic results.
We need look no further than to the5current status of the financial services
sector to observe the devastation associated
B with poorly monitored and managed
risk taking. Risks associated with credit quality, liquidity, market disruptions, and
U
reputation have all contributed to unprecedented bankruptcies, bank failures, federal government intervention, and rapid (and forced) consolidation within the
industry. The fallout from this financial cataclysm spread quickly to the broader
economy, as companies in almost every industry have suffered from the effects
of a global credit freeze, dramatic reductions in consumer demand, and extreme
volatility in commodity, currency, and equity markets.
The perception that aggressive and unchecked risk taking has been central to
the breakdown of the financial and credit markets has led to increased legislative
and regulatory focus on risk management and risk prevention. In this environment,
boards and companies must be aware that regulators and the legal system may apply new standards of conduct, or reinterpret existing standards, to increase board
51
Copyright ©2010 John Wiley & Sons, Inc.
P1: OTA/XYZ
P2: ABC
c04
JWBT177-Simkins
52
October 24, 2009
9:17
Printer Name: Hamilton
Overview
responsibility for risk management. Boards cannot and should not be involved
in the actual day-to-day management of risks encountered by the companies they
serve. The role of the board is to ensure that the risk management processes designed and implemented by senior executives and risk management professionals
employed by the company act in concert with the organization’s strategic vision, as
articulated by the board and executed by senior management. As well, the board
must exercise significant oversight to be confident that risk management processes
are functioning as designed and that adequate attention is paid to the development
of a culture of risk-aware decision making throughout the organization.
By actively exercising its oversight role, the board sends an important signal to the company’s senior management and its employees that corporate risk
management activities are not roadblocks to the conduct of business nor a mere
D ERM can and should become an inte“check-the-box” activity. Executed properly,
gral component of the firm’s corporate strategy,
A culture, and value-creation process.
The board can provide direction and support for the ERM effort, but without one
I leadership, most ERM programs are
or more risk champions within the executive
destined to fail. Thus, there is a shared responsibility
between the members of the
L
board and the senior management team to nurture a risk-aware culture in the orY within an appetite for risk that aligns
ganization that embraces prudent risk taking
with the organization’s strategic plan.
,
The company’s ERM system should function to bring to the board’s attention the company’s most significant risks and allow the board to understand and
evaluate how these risks may be correlated,
R the manner in which they may affect
the company and management’s mitigation or response strategies. It is critically
Y
important for board members to have the experience, training, and intimate knowlA meaningful assessments of the risks
edge of the business required in order to make
that the company encounters. The board must
N also consider the best organizational
structure to give risk oversight sufficient attention at the board level. In some companies, this has driven the creation of a separate risk management committee of
the board. For other organizations, it may
2 be reasonable for these discussions of
risk to occur as a regular agenda item for an existing committee such as the audit
6 the full board level. No one size fits all,
committee, enhanced by periodic review at
but it is vitally important that risk management
oversight be a board priority.
7
This chapter addresses the proper role of the board of directors in corporate risk
5
management. It identifies the legal and regulatory
framework that drives the risk
oversight responsibilities of the board. It also
clarifies
the separate roles of the board
B
and its committees vis-à-vis senior management in the development, approval, and
U
implementation of an enterprise-wide approach
to risk management. Finally, the
chapter explores optimal board structures to best discharge their risk oversight
responsibilities.
GOVERNANCE EXPECTATIONS FOR BOARD
OVERSIGHT OF RISK MANAGEMENT
The risk oversight responsibility of boards of directors is driven by a variety of
factors. These factors include the fiduciary duty owed to corporate shareholders,
which is a function of state law; U.S. and foreign laws and regulations such as the
Copyright ©2010 John Wiley & Sons, Inc.
P1: OTA/XYZ
P2: ABC
c04
JWBT177-Simkins
October 24, 2009
9:17
Printer Name: Hamilton
THE ROLE OF THE BOARD OF DIRECTORS AND SENIOR MANAGEMENT IN ERM
53
recently enacted Emergency Economic Stabilization Act of 2008 (EESA) and the
Sarbanes-Oxley Act; New York Stock Exchange (NYSE) listing requirements; and
certain established corporate best practices. As well, the risk of damage to corporate
reputation from shareholder activism or adverse media coverage for companies
believed or found to possess inadequate risk management capabilities also strongly
contributes to the desirability of sound risk oversight by corporate boards.
The Delaware courts (which serve to establish law for a wide swath of corporate
America) have developed guidelines for board oversight responsibilities through
a series of court cases that have dealt with purported violations of the fiduciary
duties of care and loyalty that are owed to the company by members of the board.
The Delaware Chancery Court has stated1 that director liability for a failure of
board oversight requires a “sustained or systemic failure of the board to exercise
oversight—such as an utter failure to assureDa reasonable information and reporting
system exists.” To avoid liability, boards A
should ensure that their organizations
have implemented comprehensive monitoring systems tailored to each category
I these monitoring systems and make
of risk. The board should periodically review
inquiries of management as to their robustness.
The board should also consider
L
retaining outside consultants for an independent assessment of the adequacy of
Y The company’s general counsel may
the methodology that has been implemented.
also be utilized to provide an assessment,as to whether the board has effectively
fulfilled their oversight responsibility for the ERM program.
The board should be especially sensitive to so-called “red flags,” or violations
of existing risk limits established by the risk
R management team. These violations
must be investigated by the board or delegated to the appropriate manager for
Y
investigation, and the board should document their actions in minutes that accuAthe board in reviewing the deviation
rately convey the time and effort spent by
from established policies. To preserve theirN
liability shield, boards must ensure that
the monitoring system in place includes reports on significant regulatory matters
(such as fines that have been levied against the company), that may be used as
evidence in shareholder litigation. The board
2 should treat such a report as a red
flag and investigate appropriately.
6 recently appeared in two important
Corporate risk management issues have
examples of federal regulatory oversight—the
7 EESA and the Sarbanes-Oxley Act.
Also, companies with foreign operations must be cognizant of the legal requirements in each of the locales in which they 5
do business. Whether or not a particular
piece of legislative rule making that relatesBto risk management directly applies to
the company and board, such laws and regulations will undoubtedly influence the
Uthe current environment and enhanced
activities that a company undertakes. Given
focus on risk management and risk oversight, a failure by the board to adequately
oversee a system of compliance with legal requirements can raise issues under
state law with respect to the board’s fiduciary duties, but also can provide opportunities for litigators to highlight such failures in other claims against the company
and board, such as tort liability or even criminal liability. It is imperative that the
board is aware of all material legal requirements applicable to the company, and
the company should take care to include these risks in the development of their
ERM program.
The most recent example of federal legislation that includes an explicit focus
on risk management is the Troubled Asset Relief Program (TARP) contained in
Copyright ©2010 John Wiley & Sons, Inc.
P1: OTA/XYZ
P2: ABC
c04
JWBT177-Simkins
54
October 24, 2009
9:17
Printer Name: Hamilton
Overview
the EESA. The act requires that boards of financial institutions participating in the
TARP Capital Purchase Program (CPP) institute certain restrictions on executive
compensation that relate to corporate risk taking. Specifically, participants in the
TARP CPP must comply with the requirements illustrated in Box 4.1. Although
these requirements apply only to financial institutions participating in the CPP,
they do provide insight into federal concern over the issue of how compensation
programs may contribute to excessive risk taking. Because of this concern, companies that are not directly affected by these requirements should still consider
reviewing their compensation plans to determine whether the compensation
structure encourages excessive risk taking. To the extent that incentive compensation is externally viewed as a source of inappropriate risk, the interaction
between compensation and risk may inevitably find its way into other legislative
D a focus of shareholder activism and
and regulatory responses and/or become
undesirable media attention.
A
I
L
Box 4.1 Executive Pay Requirements
under
Y
the Troubled Asset Relief Program Capital
,
Purchase Program*
R of EESA for purposes of particiIn order to comply with Section 111(b)(2)(A)
pation in the program, a financial institution
Y must comply with the following
three rules:
A
(1) Promptly, and in no case more than 90 days, after the purchase under
N
the program, the financial institution’s
compensation committee, or a
committee acting in a similar capacity, must review the [senior executive
officer (SEO)] incentive compensation arrangements with such financial
2
institution’s senior risk officers, or other personnel acting in a similar ca6
pacity, to ensure that the SEO incentive
compensation arrangements do
not encourage SEO’s to take unnecessary and excessive risks that threaten
7
the value of the financial institution.
5
(2) Thereafter, the compensation committee,
or a committee acting in a
similar capacity, must meet at least
annually
with senior risk officers,
B
or individuals acting in a similar capacity, to discuss and review the relationship between the financial U
institution’s risk management policies
and practices and the SEO incentive compensation arrangements.
(3) The compensation committee, or a committee acting in a similar capacity, must certify that it has completed the reviews of the SEO incentive
compensation arrangements required under (1) and (2) above. These
rules apply while the Treasury holds an equity or debt position acquired
under the program.
*
Excerpted from Treasury Department Notice 2008-PSSFI.
Copyright ©2010 John Wiley & Sons, Inc.
P1: OTA/XYZ
P2: ABC
c04
JWBT177-Simkins
October 24, 2009
9:17
Printer Name: Hamilton
THE ROLE OF THE BOARD OF DIRECTORS AND SENIOR MANAGEMENT IN ERM
55
The Sarbanes-Oxley Act of 2002 imposes significant requirements on companies and their boards, including audit committee oversight of internal and
external auditors, certification of quarterly and annual financial statements and
periodic reports by the chief executive officer and chief financial officer, maintenance of well-functioning financial reporting and disclosure controls, enhanced
disclosure of financial measures not based on generally accepted accounting principles (GAAP), and a ban on personal loans to directors and officers. Although
not directly tied to the risk oversight responsibilities of boards, compliance with
Sarbanes-Oxley requirements involves risk management issues. As an example, in
determining the effectiveness of controls over financial reporting, or in the financial statement certification process, the company should focus on whether material
risks are identified and disclosed. In their review of the company’s compliance
D should make inquiries as to whether
with Sarbanes-Oxley requirements, the board
these risk management issues have been acknowledged.
A
The New York Stock Exchange (NYSE) imposes specific risk oversight obliI
gations on the audit committee of an NYSE-listed
company. These NYSE rules
require that an audit committee “discuss L
policies with respect to risk assessment
and risk management.”2 Box 4.2 provides an excerpt from the NYSE corporate
Y These discussions should address
governance rules germane to this requirement.
major financial risk exposures and the steps
, the board has taken to monitor and
R
Y
Box 4.2 Excerpt from the NYSE’s
2004
*
A
Final Corporate Governance Rules
N
Among numerous other responsibilities, duties, and responsibilities of the audit
committee include:
2
(D) Discuss policies with respect to risk assessment and risk management;
Commentary: While it is the job of 6the CEO and senior management to
assess and manage the company’s exposure
7 to risk, the audit committee must
discuss guidelines and policies to govern the process by which this is han5
dled. The audit committee should discuss the company’s major financial risk
B taken to monitor and control such
exposures and the steps management has
exposures. The audit committee is not required to be the sole body responsible
U
for risk assessment and management, but, as stated above, the committee must
discuss guidelines and policies to govern the process by which risk assessment
and management is undertaken. Many companies, particularly financial companies, manage and assess their risk through mechanisms other than the audit
committee. The processes these companies have in place should be reviewed in
a general manner by the audit committee, but they need not be replaced by the
audit committee.
*
“Final Corporate Governance Rules,” New York Stock Exchange (2004) www.nyse.com.
Copyright ©2010 John Wiley & Sons, Inc.
P1: OTA/XYZ
P2: ABC
c04
JWBT177-Simkins
56
October 24, 2009
9:17
Printer Name: Hamilton
Overview
control these exposures, including a general review of the company’s risk management programs. As the NYSE commentary indicates, the rules permit a company
to create a separate committee or subcommittee (often a separate risk committee
of the board) to be charged with the primary risk oversight responsibility. This
is subject to the need for the risk oversight processes conducted by that separate
committee or subcommittee to be reviewed in a general manner by the audit committee, and for the audit committee to continue to discuss policies with respect
to risk assessment and management. As in our earlier discussion concerning the
TARP certification requirements for those financial institutions participating in the
CPP, these rules only apply to NYSE-listed firms. Yet, it seems prudent for all
boards to acknowledge that they may be subject to “best practice” standards in the
eyes of their shareholders and the general public.
Boards should also take advantage ofD
industry-specific regulators (such as the
Federal Reserve and the FDIC in the banking
A industry) and specialized risk management organizations that have published best practice guidance. The Committee
I
of Sponsoring Organizations of the Treadway
Commission (COSO), a privatesector organization sponsored by professional
L accounting associations and institutes, has developed an ERM framework that promotes an enterprise-wide perY emphasizes the role of the board in
spective on risk management. That document
risk management in its definition of ERM:,
Enterprise risk management is a process, effected by the entity’s board of directors,
management, and other personnel, applied inR
strategy setting and across the enterprise,
designed to identify potential events that may affect the entity, and manage risk to be within
Y regarding the achievement of objectives.
the risk appetite, to provide reasonable assurance
3
(emphasis added)
A
N a valuable benchmarking tool and
The COSO integrated framework provides
offers detailed guidance on how a company may implement enterprise risk management procedures in its strategic planning efforts and across the entire organization. The COSO ERM framework 2
presents eight interrelated components
of risk management: (1) the internal environment
(the tone of the organization),
6
(2) objective-setting, (3) event identification, (4) risk assessment, (5) risk response,
7
(6) control activities, (7) information and communications, and (8) monitoring. The
5 has become well accepted as a deCOSO enterprise risk management framework
velopment tool for organizations seeking to initiate and/or improve on an ERM
B
program.
U
In 2007, Standard & Poor’s (S&P) announced
a major initiative to incorporate
an explicit evaluation of ERM programs as part of their credit ratings analysis of
companies. S&P has actively evaluated the ERM practices of financial institutions,
insurance companies, and the trading operations of many large energy companies
for some time. Beginning in late 2008, S&P extended this evaluation to nonfinancial
issuers. Box 4.3 provides an excerpt from the S&P announcement that highlights
their expectations for board involvement …
Purchase answer to see full
attachment

How it works

1. Paste your instructions in the instructions box. You can also attach an instructions file
2. Select the writer category, deadline, education level and review the instructions 
3. Make a payment for the order to be assignment to a writer
4.  Download the paper after the writer uploads it 

Will the writer plagiarize my essay?

You will get a plagiarism-free paper and you can get an originality report upon request.

Is this service safe?

All the personal information is confidential and we have 100% safe payment methods. We also guarantee good grades