Enterprise Risk Management (Preview)

Chapter 1 – Risk Management Awareness 27 suppliers value business relationships and fairness in procurement and contracting. Employees value career opportunities, and their ability to identify with the organization and contribute to its success. Broadly defined, customers include the buyers of company goods or services, the recipients of government services, and those who benefit from the research or support of not-for-profit organizations. Customers value goods and services that meet their needs and expectations, at a price or condition that they can accept. In general, investors include shareholders, bondholders, business partners, franchise owners, contributors, corporate sponsors, individual donors, etc. These investors value information, performance and reputation. They rely on other stakeholders such as board members (or equivalent trustees), regulators, market analysts, credit rating agencies and auditors to exercise oversight on the information that organizations provide, and the activities and management practices that are carried out. Organizations are compelled to disclose information about their risks and risk management practices to satisfy investors, and the other stakeholders that investors rely upon (Box 1.2). Organizations are also expected to manage risks effectively and meet or exceed regulatory requirements. Organizations improve their performance by exploiting opportunities, mitigating threats and lowering their cost of capital. They also recognize the importance of maintaining a good reputation as an essential condition for doing business. Risk management helps organizations meet stakeholder expectations, improve their performance and maintain a good reputation. In turn, the achievement of these goals drives the evolution of risk management. For example, organizations apply innovative risk management practices in many areas. These areas include strategy, research and development, engineering, produc- tion and distribution. Risk management also helps organizations maintain competitive prices and meet consumer demand. Successful organizations become models for others to emulate, including their risk management practices. They are invited to present their innovative practices as part of industry conferences and professional association events. These presentations influence other organizations. Box 1.2 – In Practice: Factors Causing Added Focus on Risk Management Fifty-eight percent of chief financial officers or executives in equivalent positions confirm that “external parties” apply pressure to obtain more information about organizational risks. For large organizations with revenues exceeding $1 billion, sixty-eight percent mention that such pressures exist. Many other factors also prompt senior executives to focus on risk management. The prevalence of these factors varies based on organizational size and type. These factors and the percentages of chief financial officers or equivalent that identify them as “extensively” or “mostly” responsible for the added focus on risk management are as follows: Regulator demands 26% 27% 46% 17% Unanticipated risk events 32% 37% 24% 39% Best practice expectations 28% 35% 33% 38% Corporate governance requirements 21% 28% 29% 18% Board member requests 25% 36% 27% 28% Large Organizations All Organizations Source: Mark S. Beasley, Bruce C. Branson and Bonnie V. Hancock, The State of Risk Oversight: An Overview of Enterprise Risk Management Practices, 11 th Edition (North Carolina State University, Poole College of Management, Enterprise Risk Management Initiative, April 2020. Report accessible through: www.erm.ncsu.edu), p.10-11. Not-for-Profit Organizations Financial Services Factors