Hewitt Roberts, CEO, Entropy International
In recent years, shareholders, pension holders, investors and society at large have suffered enormous loss as a result of numerous and catastrophic corporate failures. As the means of reducing the potential for such loss, improved corporate governance has become an inescapable must for businesses around the globe. Irrefutably, effective governance is only possible through a functional system of internal control, which itself is wholly dependent on a culture of sustained and proactive enterprise risk management.
As one of the most effective means of managing compliance and avoiding the risk of non-compliance, enterprise risk management is also increasingly recognised by forward-thinking organisations as the best long-term, sustainable and cost-effective solution to meeting the compliance mandates of the Sarbanes-Oxley Act and the ever-increasing compliance requirements companies face today.
While enterprise risk management is both the foundation of any functional system of internal control and governance, and the most cost-effective platform for continued and long-term compliance, ERM is also the most efficient, effective and proactive approach to increasing shareholder value.
Therefore, and as most analysts and leading business thinkers agree, an effective long-term solution for compliance, governance and sustained growth in shareholder value is to integrate a formal technology-based system of sustained, repeatable and continuously improving enterprise risk management into the heart of all business processes, practices, control and governance activities.
As ‘the internal means by which corporations are operated and controlled’ and thus ‘the process by which corporations are made responsive to the rights and wishes of stakeholders’, effective corporate governance is universally accepted as the means by which a corporation actively increases shareholder value while simultaneously reducing the likelihood of loss.
In recent years, however, there have been a ‘series of high-profile scandals and failures where investors, company personnel and other stakeholders suffered tremendous loss’. In a move to reduce this risk, shareholders, investors, regulators, pension holders and society at large are increasingly demanding improved governance within the global corporate community.
Consequently, as the number and severity of corporate failures have increased steadily over the last decade, so too has the development of standards, guidelines and codes of conduct to assist corporations in improving their governance efforts. While these standards, guidelines and codes all differ in origin, they share one core tenet: the foundation of good governance is an effective system of internal control.
As the primary means of setting and monitoring performance in relation to corporate objectives and the control mechanisms that enable the identification and management of risks in relation to meeting those objectives, an effective system of internal control is the essential ingredient of effective corporate governance.
Although there are a myriad of internal control guidelines and frameworks one can work to, in recent years two complementary frameworks for internal control have emerged as the de facto standards by which companies should be regulated and measured and thus increasingly look to when adopting a framework for internal control best practice. These frameworks are commonly referred to as the Turnbull framework and the COSO framework.
The Turnbull framework is based on the 1999 publication Internal Control: Guidance for Directors on the Combined Code. This framework, the work of Nigel Turnbull and the Institute of Chartered Accountants in England and Wales (ICAEW), is itself the latest in a series of mutually reinforcing and continuously improving governance guidelines developed in the United Kingdom. The roots of the Turnbull framework lie in the work of Sir Adrian Cadbury (The Cadbury Report - 1992) and build upon subsequent UK contributions including: The Rutterman Report – 1994; The Greenbury Proposals; and Hampel’s Combined Code – 1998.
The COSO framework is based on the 2004 publication Enterprise Risk Management: Integrated Framework. This was published by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) and although American in origin, it has a similar heritage to the Turnbull framework in that it builds upon earlier efforts to provide guidance for improved governance. The 2004 COSO framework complements and improves on the 1987 publication of the Treadway Commission – Internal Control – Integrated Framework.
By looking at each of these frameworks more closely, it is clear that in both cases the heart of an effective system of governance and internal control is proactive, effective and sustained enterprise-wide risk management. According to the Institute of International Auditors, ‘risk and control are virtually inseparable – like two sides of a coin – meaning that risks first must be identified and assessed; then managed and mitigated by the implementation of a strong system of internal control’.

•Date: 5th May 2005 •Region: UK/World •Type: Article •Topic: Operational risk