Needed: The Courage to Confront Risk français

"Is corporate America becoming too risk-averse? Your company needs a chief courage officer."

   

Senior executives are suddenly focusing on Risk Management and their approach to risk for three reasons.

First, as corporate revenues and profits rebound, they are seeking new investment areas that will provide higher returns by leveraging their current business assets. But they want all the potential risks of starting new ventures identified and analyzed before they commit.

Second, In the U.S.A the Sarbanes-Oxley (SOX) Act of 2002 is being interpreted to mean that all public companies must have a formal risk management process whose effectiveness can be certified. To this end, COSO, whose internal control guidelines are the standard for SOX compliance, has released a draft document (2,1kb pdf) Enterprise Risk Management Standard as a next-to-last-step before publishing its final guideline. In Canada the National Instrument 52-108 Auditor Oversight has been adopted in all Canadian jurisdictions. Multilateral Instruments 52-109 Certification of Issuers' Annual and Interim Filings and 52-110 Audit Committees have been adopted in every Canadian jurisdiction except British Columbia. These new Canadian rules took effect March 30, 2004.

Third, by using a Corporate Governance Enterprise Initiative Management (EIM) software, risk management efforts no longer remain high-level paper exercises. Risk issues, associated analysis, mitigation plans of actions, and experts are all stored within a single enterprise-wide repository. CEOs and CFOs can review both their corporation's risk management processes and the effectiveness of the processes, as required by U.S.A and Canadian authorities.

Internal mandated Disclosure and Compliance Committees can attest to the fact that their corporations are following best-management practices for assessing risks. Executives can copy corporate-standard risk management templates and use them as the basis to establish and update risk profiles and plans for new ventures. Managers and employees can formally communicate potential risks that might not yet have been identified to senior executives, as required by Canadian and U.S.A authorities.

The Bottom Line: Risk Management is a new corporate requirement. If risk management in your organization is a meeting and paper exercise, it is of little value. Executives that use an (EIM) for Risk Management will both meet the compliance requirements of Canadian and U.S.A authorities and advance the maturity of their management processes.