Enterprise Risk Management
Essay by 24 • December 29, 2010 • 1,576 Words (7 Pages) • 2,054 Views
Abstract
This paper discusses how a company can successfully implement Enterprise Risk Management (ERM) based on COSO guidelines. It describes a step-by-step implementation plan at Dell Inc., the responsibilities of the workforce and management, the risk mitigation approach, and how to monitor the activities successfully.
Enterprise Risk Management
In the wake of the financial scandals of recent years, a variety of laws and regulations have been passed which make the board of directors solely responsible for the financial results of their company. The Sarbanes-Oxley Act of 2002 was one of them, but it covers only a part of the total risk that a company faces. A much wider range of risks, such as strategic, operational and hazard risks, lies outside it. To cover all the risks that an organization faces, companies are implementing Enterprise Risk Management programs, which COSO defines as follows:
Enterprise risk management is a process, effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives. (COSO, 2004)
In this paper I outline a plan to implement enterprise risk management at Dell Computers Inc. based on the COSO recommendations.
The first step in implementing the ERM plan is to create a framework that defines what ERM will mean for the company, and then to use this framework to develop a plan tailored to the company's needs. The company should assemble a team that is motivated to implement a successful ERM program. Team members can be selected from different departments so that each business unit is represented, and the members selected should be committed to implementing a successful risk management program. A team leader should be appointed to oversee the work. The team leader should be independent and an expert in risk management, and will work with the company's internal and external advisors. If any discrepancy in accounting or financial reporting is identified, the leader should immediately report the matter to the board of directors. The representatives will bring the risks of their own business units to the leader, and the team as a whole can develop a strategy or solution to mitigate these risks. Timely communication is integral to the success of this program. All team members should be given training and assistance in all relevant areas, and they should clearly understand the objectives the plan is meant to achieve and why the company needs such a plan now.

A separate committee should be formed to oversee the project. Before implementing the plan, communication with stakeholders is essential; it lets the company know whether stakeholder objectives are aligned with the company's plans and policies. Communication with senior management is equally important, because without the involvement and consent of top management no program can be implemented. Top management representatives such as the CEO and the CFO should therefore be included in this committee.
A project charter should be created that outlines the objectives to be achieved and clearly assigns the responsibilities of the team members. The charter should define the steps to take when a conflict arises or when the company falls behind in implementing the plan. The main mission of the program should be to identify and mitigate all risks that threaten shareholder value.
After creating the framework for the plan, the main risks should be identified. Risks can be identified in several ways, such as sending out questionnaires, conducting interviews, comparing with competitors, or benchmarking. Each risk is assigned a grade and prioritized according to its importance. Risks can be of different types, such as financial, operational and hazard risks, and those that threaten shareholder value can be assigned a higher rating. At present, the main risk facing Dell Computers is the risk of revenue loss due to increased competition. Dell was a market leader in its industry, but competitors have improved their sales and marketing techniques and also offer competitive pricing. Another risk the company recently faced was non-compliance with the Sarbanes-Oxley Act of 2002. Following SEC allegations, Dell Inc. conducted an internal investigation of its accounting practices. The investigation identified several accounting errors and showed evidence of misconduct: Dell had falsely reported some of its earnings to make the company more attractive to investors. It was also clear that the company's internal control was weak and needed attention. As a result, the company had to restate some of its financial statements from prior years. So the main goal of this program should be to identify the most important risks to shareholder investments and take appropriate action before they get out of control. Risks can be integrated using a 'Risk Map', which plots each risk by frequency and severity (casact, 2003). By prioritizing risks by frequency and severity, the company can concentrate on the most important ones and take timely steps to avoid them.
After identifying and prioritizing risks, the organization needs to decide how to respond to each major risk. Risk responses take the form of avoidance, acceptance, reduction and sharing. By implementing better internal controls, the risk of non-compliance can be avoided. The company can monitor its accounting and financial reporting practices and, if it identifies any problems, take the necessary steps to counter them. In this way the organization can bring its risks down to an acceptable level. The risk of non-compliance can also be avoided by educating employees about the associated risks, such as lost business opportunities and penalties, so that they will have a clear