Enterprise Risk Management (“ERM”) as a movement has been around for more than a decade. Unfortunately, a 2010 COSO survey disclosed that only limited progress has been made in convincing senior management and boards that ERM is key to maximizing and safeguarding long-term enterprise value, allocating expensive human and financial resources, or managing major risks to strategic and core business objectives.
At the same time there is growing consensus that one of the root causes of the global financial crisis of 2008 was deficient risk management and oversight. The majority, if not all, of the organizations at the center of the 2008 global financial crisis had some form of ERM. In most cases their CEOs, CFOs and auditors had all previously certified they had effective internal control over financial reporting in accordance with the 1992 COSO Internal Control – Integrated Framework, including controls over risk assessment processes and valuation of the toxic investment products at the heart of the global crisis.
In light of the massive wave of corporate governance failures linked to the global financial crisis of 2008, regulators in the U.S., Canada, Europe and elsewhere now require public companies to disclose specifics on how their boards of directors oversee the effectiveness of risk management. At the same time, institutional investors, credit rating agencies, and board of director associations are all calling for major improvements in risk management and oversight. The ERM movement is expected to accelerate exponentially worldwide as a result of these change drivers.
Mandating more of the same flawed risk and control management frameworks, tools and methodologies, which in their current form have not delivered the results promised by their authors, is not the right path. The global cost of failed risk and control management frameworks over the last five years totals in the trillions of dollars.
The High Cost of ERM Herd Mentality (white paper) suggests the root of risk management failures is flawed risk and control management frameworks, methods and tools. These are referenced as “ERM herd mentality wrong turns.” Wrong turns are analyzed, and specific recommendations for the SEC and securities regulators around the world, ISO, COSO, the IIA, and others (“ERM herd leaders”) are proposed to lever greater benefits from the billions of dollars organizations are expected to spend in the next five years enhancing their risk management capabilities.