Unit 2 Human Resource Risk Management ERM Framework Paper
Please use APA format and scholarly sources. The total word count is 250 words and total sources 3, please cite sources. Please make sure answer is original and not from other sites a plagiarism scan ran. 1. In your own words, describe the ERM framework used in your organization used to assess and evaluate risk. Does that current framework satisfy the list of ten criteria according to ISO 31000 on pp. 99-100? Why or why not? Share with your fellow learners how KRIs and KPIs might be used in your organization. Apply concepts from the chapter to explain your understanding of their use.
P1: OTA/XYZ
October 24, 2009
Printer Name: Hamilton
The Role of the Board of Directors and Senior Management in Enterprise Risk Management
Professor of Accounting and Associate Director,
North Carolina State University
Enterprise Risk Management Initiative
The oversight of the enterprise risk management (ERM) process employed by an
organization is one of the most important and challenging functions of a
corporation’s board of directors. In concert with senior management of the company,
the board must establish the appropriate “tone at the top” to ensure that risk and
risk management considerations remain at the forefront of strategic and operating
decisions made within the business. The 2008–2009 global financial crisis and the
rapidly deteriorating global economy have created a context in which companies
now face risks that are more complex, more interconnected, and potentially more
devastating than ever before. Failure to adequately acknowledge and effectively
manage risks associated with decisions being made throughout the organization
can and often does lead to potentially catastrophic
We need look no further than to the current status of the financial services
sector to observe the devastation associated with poorly monitored and managed
risk taking. Risks associated with credit quality, liquidity, market disruptions, and
reputation have all contributed to unprecedented bankruptcies, bank failures, federal
government intervention, and rapid (and forced) consolidation within the
industry. The fallout from this financial cataclysm
spread quickly to the broader
economy, as companies in almost every industry have suffered from the effects
of a global credit freeze, dramatic reductions in consumer demand, and extreme
volatility in commodity, currency, and equity markets.
The perception that aggressive and unchecked risk taking has been central to
the breakdown of the financial and credit markets has led to increased legislative
and regulatory focus on risk management and risk prevention. In this environment,
boards and companies must be aware that regulators and the legal system may apply new standards of conduct, or reinterpret existing standards, to increase board
Copyright ©2010 John Wiley & Sons, Inc.
responsibility for risk management. Boards cannot and should not be involved
in the actual day-to-day management of risks encountered by the companies they
serve. The role of the board is to ensure that the risk management processes designed and implemented by senior executives and risk management professionals
employed by the company act in concert with the organization’s strategic vision, as
articulated by the board and executed by senior management. As well, the board
must exercise significant oversight to be confident that risk management processes
are functioning as designed and that adequate attention is paid to the development
of a culture of risk-aware decision making throughout the organization.
By actively exercising its oversight role, the board sends an important signal to
the company’s senior management and its employees that corporate risk
management activities are not roadblocks to the conduct of business nor a mere
“check-the-box” activity. Executed properly, ERM can and should become an
integral component of the firm’s corporate strategy, culture, and value-creation process.
The board can provide direction and support for the ERM effort, but without one
or more risk champions within the executive leadership, most ERM programs are
destined to fail. Thus, there is a shared responsibility between the members of the
board and the senior management team to risk-aware culture in the organization
that embraces prudent risk taking within an appetite for risk that aligns
with the organization’s strategic plan.
The company’s ERM system should function to bring to the board’s attention
the company’s most significant risks and allow the board to understand and
evaluate how these risks may be correlated, the manner in which they may affect
the company and management’s mitigation or response strategies. It is critically
important for board members to have the experience, training, and intimate
knowledge of the business required in order to make meaningful assessments of the risks
that the company encounters. The board must also consider the best organizational
structure to give risk oversight sufficient attention at the board level. In some
companies, this has driven the creation of a separate risk management committee of
the board. For other organizations, it may be reasonable for these discussions of
risk to occur as a regular agenda item for an existing committee such as the audit
committee, enhanced by periodic review at the full board level. No one size fits all,
but it is vitally important that risk management
oversight be a board priority.
This chapter addresses the proper role of the board of directors in corporate risk
management. It identifies the legal and regulatory framework that drives the risk
oversight responsibilities of the board. It also clarifies the separate roles of the board
and its committees vis-à-vis senior management in the development, approval, and
implementation of an enterprise-wide approach to risk management. Finally, the
chapter explores optimal board structures to best discharge their risk oversight
The risk oversight responsibility of boards of directors is driven by a variety of
factors. These factors include the fiduciary duty owed to corporate shareholders,
which is a function of state law; U.S. and foreign laws and regulations such as the
recently enacted Emergency Economic Stabilization Act of 2008 (EESA) and the
Sarbanes-Oxley Act; New York Stock Exchange (NYSE) listing requirements; and
certain established corporate best practices. As well, the risk of damage to corporate
reputation from shareholder activism or adverse media coverage for companies
believed or found to possess inadequate risk management capabilities also strongly
contributes to the desirability of sound risk oversight by corporate boards.
The Delaware courts (which serve to establish law for a wide swath of corporate
America) have developed guidelines for board oversight responsibilities through
a series of court cases that have dealt with purported violations of the fiduciary
duties of care and loyalty that are owed to the company by members of the board.
The Delaware Chancery Court has stated that director liability for a failure of
board oversight requires a “sustained or systemic failure of the board to exercise
oversight—such as an utter failure to assure a reasonable information and reporting
system exists.” To avoid liability, boards should ensure that their organizations
have implemented comprehensive monitoring systems tailored to each category
of risk. The board should periodically review these monitoring systems and make
inquiries of management as to their robustness. The board should also consider
retaining outside consultants for an independent assessment of the adequacy of
the methodology that has been implemented. The company’s general counsel may
also be utilized to provide an assessment as to whether the board has effectively
fulfilled their oversight responsibility for the ERM program.
The board should be especially sensitive to so-called “red flags,” or violations
of existing risk limits established by the risk management team. These violations
must be investigated by the board or delegated to the appropriate manager for
investigation, and the board should document their actions in minutes that
accurately convey the time and effort spent by the board in reviewing the deviation
from established policies. To preserve their liability shield, boards must ensure that
the monitoring system in place includes reports on significant regulatory matters
(such as fines that have been levied against the company), that may be used as
evidence in shareholder litigation. The board should treat such a report as a red
flag and investigate appropriately.
Corporate risk management issues have recently appeared in two important
examples of federal regulatory oversight—the EESA and the Sarbanes-Oxley Act.
Also, companies with foreign operations must be cognizant of the legal
requirements in each of the locales in which they do business. Whether or not a particular
piece of legislative rule making that relates to risk management directly applies to
the company and board, such laws and regulations will undoubtedly influence the
activities that a company undertakes. Given the current environment and enhanced
focus on risk management and risk oversight, a failure by the board to adequately
oversee a system of compliance with legal requirements can raise issues under
state law with respect to the board’s fiduciary duties, but also can provide opportunities for litigators to highlight such failures in other claims against the company
and board, such as tort liability or even criminal liability. It is imperative that the
board is aware of all material legal requirements applicable to the company, and
the company should take care to include these risks in the development of their
ERM program.
The most recent example of federal legislation that includes an explicit focus
on risk management is the Troubled Asset Relief Program (TARP) contained in
the EESA. The act requires that boards of financial institutions participating in the
TARP Capital Purchase Program (CPP) institute certain restrictions on executive
compensation that relate to corporate risk taking. Specifically, participants in the
TARP CPP must comply with the requirements illustrated in Box 4.1. Although
these requirements apply only to financial institutions participating in the CPP,
they do provide insight into federal concern over the issue of how compensation
programs may contribute to excessive risk taking. Because of this concern, companies that are not directly affected by these requirements should still consider
reviewing their compensation plans to determine whether the compensation
structure encourages excessive risk taking. To the extent that incentive compensation is externally viewed as a source
of inappropriate risk, the interaction
between compensation and risk may inevitably find its way into other legislative
and regulatory responses and/or become a focus of shareholder activism and
undesirable media attention.
Box 4.1 Executive Pay Requirements
the Troubled Asset Relief Program Capital
Purchase Program*
In order to comply with Section 111(b)(2)(A) of EESA for purposes of
participation in the program, a financial institution must comply with the following
three rules:
(1) Promptly, and in no case more than 90 days, after the purchase under
the program, the financial institution’s compensation committee, or a
committee acting in a similar capacity, must review the [senior executive
officer (SEO)] incentive compensation arrangements with such financial
institution’s senior risk officers, or other personnel acting in a similar
capacity, to ensure that the SEO incentive compensation arrangements do
not encourage SEO’s to take unnecessary and excessive risks that threaten
the value of the financial institution.
(2) Thereafter, the compensation committee, or a committee acting in a
similar capacity, must meet at least annually with senior risk officers,
or individuals acting in a similar capacity, to discuss and review the
relationship between the financial institution’s risk management policies
and practices and the SEO incentive compensation arrangements.
(3) The compensation committee, or a committee acting in a similar
capacity, must certify that it has completed the reviews of the SEO incentive
compensation arrangements required under (1) and (2) above. These
rules apply while the Treasury holds an equity or debt position acquired
under the program.
Excerpted from Treasury Department Notice 2008-PSSFI.
The Sarbanes-Oxley Act of 2002 imposes significant requirements on companies and their boards, including audit committee oversight of internal and
external auditors, certification of quarterly and annual financial statements and
periodic reports by the chief executive officer and chief financial officer, maintenance of well-functioning financial reporting and disclosure controls, enhanced
disclosure of financial measures not based on generally accepted accounting principles (GAAP), and a ban on personal loans to directors and officers. Although
not directly tied to the risk oversight responsibilities of boards, compliance with
Sarbanes-Oxley requirements involves risk management issues. As an example, in
determining the effectiveness of controls over financial reporting, or in the financial statement certification process, the company
should focus on whether material
risks are identified and disclosed. In their review of the company’s compliance
with Sarbanes-Oxley requirements, the board should make inquiries as to whether
these risk management issues have been acknowledged.
The New York Stock Exchange (NYSE) imposes specific risk oversight obligations
on the audit committee of an NYSE-listed company. These NYSE rules
require that an audit committee “discuss policies with respect to risk assessment
and risk management.”2 Box 4.2 provides an excerpt from the NYSE corporate
governance rules germane to this requirement. These discussions should address
major financial risk exposures and the steps the board has taken to monitor and
Box 4.2 Excerpt from the NYSE’s 2004
Final Corporate Governance Rules
Among numerous other responsibilities, duties,
and responsibilities of the audit
committee include:
(D) Discuss policies with respect to risk assessment and risk management;
Commentary: While it is the job of the CEO and senior management to
assess and manage the company’s exposure to risk, the audit committee must
discuss guidelines and policies to govern the process by which this is handled.
The audit committee should discuss the company’s major financial risk
exposures and the steps management has taken to monitor and control such
exposures. The audit committee is not required to be the sole body responsible
for risk assessment and management, but, as stated above, the committee must
discuss guidelines and policies to govern the process by which risk assessment
and management is undertaken. Many companies, particularly financial
companies, manage and assess their risk through mechanisms other than the audit
committee. The processes these companies have in place should be reviewed in
a general manner by the audit committee, but they need not be replaced by the
audit committee.
“Final Corporate Governance Rules,” New York Stock Exchange (2004) www.nyse.com.
control these exposures, including a general review of the company’s risk management programs. As the NYSE commentary indicates, the rules permit a company
to create a separate committee or subcommittee (often a separate risk committee
of the board) to be charged with the primary risk oversight responsibility. This
is subject to the need for the risk oversight processes conducted by that separate
committee or subcommittee to be reviewed in a general manner by the audit committee, and for the audit committee to continue to discuss policies with respect
to risk assessment and management. As in our earlier discussion concerning the
TARP certification requirements for those financial institutions participating in the
CPP, these rules only apply to NYSE-listed firms. Yet, it seems prudent for all
boards to acknowledge that they may be subject to “best practice” standards in the
eyes of their shareholders and the general public.
Boards should also take advantage of industry-specific regulators (such as the
Federal Reserve and the FDIC in the banking industry) and specialized risk
management organizations that have published best practice guidance. The Committee
of Sponsoring Organizations of the Treadway Commission (COSO), a private-sector
organization sponsored by professional accounting associations and institutes,
has developed an ERM framework that promotes an enterprise-wide perspective
on risk management. That document emphasizes the role of the board in
risk management in its definition of ERM:
Enterprise risk management is a process, effected by the entity’s board of directors,
management, and other personnel, applied in strategy setting and across the enterprise,
designed to identify potential events that may affect the entity, and manage risk to be within
the risk appetite, to provide reasonable assurance regarding the achievement of objectives.
(emphasis added)3
The COSO integrated framework provides a valuable benchmarking tool and
offers detailed guidance on how a company may implement enterprise risk
management procedures in its strategic planning efforts and across the entire
organization. The COSO ERM framework presents eight interrelated components
of risk management: (1) the internal environment (the tone of the organization),
(2) objective-setting, (3) event identification, (4) risk assessment, (5) risk response,
(6) control activities, (7) information and communications, and (8) monitoring. The
COSO enterprise risk management framework has become well accepted as a
development tool for organizations seeking to initiate and/or improve on an ERM
In 2007, Standard & Poor’s (S&P) announced
a major initiative to incorporate
an explicit evaluation of ERM programs as
part of their credit ratings analysis of
companies. S&P has actively evaluated the ERM practices of financial institutions,
insurance companies, and the trading operations of many large energy companies
for some time. Beginning in late 2008, S&P extended this evaluation to nonfinancial
issuers. Box 4.3 provides an excerpt from the S&P announcement that highlights
their expectations for board involvement in risk management activities. It is clear
that they expect active and engaged board-level participation in the establishment
of the proper “tone at the top” as well as in the approval and monitoring of specific
risk policies the firm develops.
Box 4.3 Excerpt from Standard & Poor’s
“PIM Framework for Assessing ERM Practices”*
In November 2007, Standard & Poor’s issued a request for comment titled,
Criteria: Request For Comment: Enterprise Risk Management Analysis For Credit
Ratings Of Nonfinancial Companies, which announced S&P’s proposal to expand
its analysis of ERM processes as part of its credit-rating assessments into 17