Enterprise Risk Management (Preview)

Part 1 – Concepts and Methods

12. WorldCom, Inc., Annual Report Form 10K, December 31, 2001 and December 31, 2001 Restated (Securities and Exchange Commission. Accessible through: www.sec.gov/edgar/searchedgar/webusers.htm) (P208, P209)
13. Although the Sarbanes-Oxley Act, Section 404, requires that the assessment of internal controls over financial reporting performed by management be disclosed only in relation to the financial year end of the organization, SEC rules require that management assess and certify these controls also for quarterly financial reports. (P213)
14. NYSE, Listed Company Manual, Section 303A.00 (Accessible at: nysemanual.nyse.com/lcm/). (P214)
15. The NYSE Listed Company Manual, Section 303A.00, states that all audit committee members must be “financially literate” and at least one member must have accounting or financial management expertise. (P214)
16. NYSE, Listed Company Manual, Section 303A.00, Corporate Governance Standards. (P214)
17. US Congress, Sarbanes-Oxley Act of 2002, Sec. 302, 404, 401, 406, 301, 407, 806. (Accessible: www.congress.gov)
18. US Congress, Sarbanes-Oxley Act of 2002, Sections 802, 807, 906. (Accessible: www.congress.gov) (P210)
19. US Congress, Dodd-Frank Act (Public Law 111-203, Accessible through: www.congress.gov), Sec. 931. (P224)
20. C. Rexrode and E. Glazer, “Big Banks Paid $110 Billion in Mortgage-Related Fines. Where Did the Money Go?” Wall Street Journal (March 9, 2016. Article accessible through www.wsj.com). (NA028)
21. Ben S. Bernanke, Risk Management in Financial Institutions (Speech At the Federal Reserve Bank of Chicago’s Annual Conference on Bank Structure and Competition, May 15, 2008. Accessible at: www.federalreserve.gov/newsevents/speech/bernanke20080515a.htm). (P216)
22. Economic Intelligence Unit, Restoring Confidence: Risk Management Capabilities in the Wake of the Financial Crisis (An Economist Intelligence Unit Research Program Sponsored by Protiviti, 2013), p.9. (P191)
23. US Congress, Dodd-Frank Act, Preamble. (P224)
24. US Congress, Dodd-Frank Act, Sections 165, 154, 1400, 1403, 1411, 941. (P224)
25. US Congress, Dodd-Frank Act, Sections 951, 952-954, 971, 972, 922. (P224)
26. SEC, Securities Offering Reform, Final Rule 33-8591 (Accessible through: www.sec.gov), p.257. (P227)
27. SEC, Questions and Answers About the New “Market Risk” Disclosure Rules (Publication Accessible: www.sec.gov/divisions/corpfin/guidance/derivfaq.htm#risk), p.4. (P230)
28. SEC, Proxy Disclosure Enhancements, Final Rule 33-9089 (Accessible through: www.sec.gov), p.44. (P227)
29. NYSE, Listed Company Manual, Section 303A.00, Corporate Governance Standards. (P214)
30. Minar, Deon J. et al., “Chapter 22: Principles for Effective Enterprise Risk Management” in NYSE: Corporate Governance Guide, Edited by Nigel Page (London UK: KPMG, NYSE, White Page Ltd, 2014), p.160. (P161)
31. S&P, Standard and Poor’s to Apply Enterprise Risk Analysis to Corporate Ratings (New York: McGraw Hill, 2007. Note: this publication and others from S&P regarding financial and non-financial services organizations were found through Internet searches. However, they could not be found on the S&P website), p.3. (P019)
32. COSO, About Us (Website page accessed April 13, 2016, at www.coso.org/aboutus.htm). (P215)
33. COSO, Enterprise Risk Management - Integrating with Strategy and Performance, Executive Summary (Committee of Sponsoring Organizations of the Treadway Commission, June 2017. Accessible through: www.coso.org), p.7.
34. COSO, Enterprise Risk Management - Integrating with Strategy and Performance, Executive Summary, p.iii.
35. ISO, Risk Management, ISO 31000 (Publication accessible at www.iso.org), p.5. Note: The number of ISO member countries can fluctuate, and therefore total membership may not always amount to 162. (P329)
36. ISO, Risk Management – Vocabulary, Guide 73, First Edition (Geneva, Switzerland: 2009), p.1. (P268)
37. ISO, Risk Management – Vocabulary, Guide 73, First Edition (Geneva, Switzerland: 2009), p.1. (P268)
38. ISO, Risk Management - Guidelines, International Standard 31000, Second Ed. (Geneva, CH: 2018), p.1. (P330)
39. ISO, Risk Management - Guidelines, p.4. (P330)
40. National Association of Corporate Directors, Report of the NACD Blue Ribbon Commission, Risk Governance: Balancing Risk and Reward (2009. Accessible through www.nacdonline.org), p.1. (P023)
41. Paul J. Sobel, Who Owns Risk: A Look at Internal Audit’s Changing Role (The IIA Research Foundation, Global Internal Audit Common Body of Knowledge. 2015. Accessible through: na.theiia.org). p.8. (P159)
42. Paul J. Sobel, Who Owns Risk: A Look at Internal Audit’s Changing Role. p.8. (P159)
43. Mark Beasley, Bruce Branson and Bonnie Hancock, The State of Risk Oversight: An Overview of Enterprise Risk Management Practices, Seventh Edition (North Carolina State University, Poole College of Management, Enterprise Risk Management Initiative, April 2016. Accessible through: www.erm.ncsu.edu), p.21. (P254)
44. Bruce Branson, Reporting Key Risk Information to the Board of Directors (ERM Initiative, Poole College of Management, North Carolina State University, 2015. Accessible through www.erm.ncsu.edu). (P156)
45. Protiviti, Organizing for Risk Oversight (Board Perspectives: Risk Oversight, Issue 5, Publication accessible through www.protiviti.com, 2010), p.1. (P113)
46. Mark Beasley, Bruce Branson and Bonnie Hancock, The State of Risk Oversight. p. 13-14. (P254)
47. Annette Mikes and Robert S. Kaplan, “When One Size Doesn’t Fit All: Evolving Directions in the Research and Practice of Enterprise Risk Management,” Journal of Applied Corporate Finance (Winter 2015), p.37. (A044)
48. Aon, Risk Maturity Index, Insight Report (November 2015. Accessible through: www.Aon.com), p.3. (P154)
49. Robert E. Hoyt and Andre P. Liebenberg, “Evidence of the Value of Enterprise Risk Management,” Journal of Applied Corporate Finance (Winter 2015. Accessible through: onlinelibrary.wiley.com), p.41-46. (A043)
50. Robert E. Hoyt and Andre P. Liebenberg, “Evidence of the Value of Enterprise Risk Management,” Journal of
