Enterprise Risk Management

Enterprise / Operational Risk Management

IT Audit Manager City National Bank California State Polytechnic University, Pomona

Enterprise risk management (ERM) is a relatively new discipline that focuses on identifying, analyzing, monitoring, and controlling all major risk classes (e.g., credit, market, liquidity, operational risk classes). Operational risk management (ORM) is a subset of ERM that focuses on identifying, analyzing, monitoring, and controlling operational risk. The purpose of this paper is to explain what enterprise risk management is and how operational risk management fits into the ERM framework. In our conclusion, we discuss what is likely to happen in the ERM / ORM environment over the next 5 years.

Introduction

As …
Exhibit 1

Why Enterprise / Operational Risk Management?

There are many reasons ERM / ORM functions are being established within corporations. The following are a few of them.

Organizational Oversight

Two groups have recently emphasized the importance of risk management at the organization’s highest levels. In October 1999, the National Association of Corporate Directors released its Report of the Blue Ribbon Commission on Audit Committees, which recommends that audit committees “define and use timely, focused information that is responsive to important performance measures and to the key risks they oversee.” The report states that the chair of the audit committee should develop an agenda that includes “a periodic review of risk by each significant business unit.” In January 2000, the Financial Executives Institute released the results of a survey on audit committee effectiveness. Respondents, primarily chief financial officers and corporate controllers, ranked “key areas of business and financial risk” as most important for audit committee oversight. In light of events surrounding recent corporate scandals (e.g., Enron) and the increasing executive and regulatory focus on risk management, the percentage of companies with formal ERM methods is increasing and audit committees are becoming more involved in corporate oversight. The UK and Canada have set forth specific legal