This year, the US Securities and Exchange Commission instituted new disclosure rules requiring public companies to inform their shareholders about the role of the board of directors in overseeing risk management. A major US law firm recently reviewed annual proxy statements of S&P 500 corporations to determine the extent and nature of risk management across various industries. One of the more interesting findings in the review was the number of companies that are employing Enterprise Risk Management programs to help manage their risks. Here is what they reported.
In the wake of the financial crisis, many companies have implemented more comprehensive and integrated risk management programs, and boards of directors have expanded their risk oversight to encompass not just the legal and financial risks that audit committees have traditionally overseen, but also the full panoply of risks that a company may face. Enterprise risk management (ERM) is the current buzzword applied to a top-down holistic approach to risk management. It addresses all of an enterprise’s risks—including operational, financial, strategic, compliance and reputational risks—under one umbrella, in contrast to the more traditional “silo” approach in which each operating function or division tackled risk independently. ERM is not focused simply on risk reduction. Rather, it encompasses an assessment of both upside and downside risks and, thus, helps inform the strategic planning process. Indeed, to make informed decisions about the company’s strategic direction, the board must have a full understanding of all of the major risks involved.
Fifty-four percent of surveyed companies expressly used the term “enterprise risk management.” Sample disclosures are set forth below:
American Express Company: “The Company relies on its comprehensive enterprise risk management process (ERM) to aggregate, monitor, measure and manage risks. The ERM approach is designed to enable the Board of Directors to establish a mutual understanding with management of the effectiveness of the Company’s risk management practices and capabilities, to review the Company’s risk exposure and to elevate certain key risks for discussion at the Board level. The Company’s ERM program is overseen by its Chief Risk Officer who is an executive officer of the Company and a member of the Company’s most senior management.”
Express Scripts, Inc.: “In order to assist the board of directors in overseeing our risk management, we use enterprise risk management (“ERM”), a company-wide initiative that involves the board of directors, management and other personnel in an integrated effort to identify, assess and manage risks that may affect our ability to execute on our corporate strategy and fulfill our business objectives. These activities entail the identification, prioritization and assessment of a broad range of risks (e.g., financial, operational, business, reputational, governance and managerial), and the formulation of plans to manage these risks or mitigate their effects.”
With more than half of the companies relying on ERM, the review shows that ERM is growing as an accepted practice beyond just financial services companies. If your company is looking to implement or simply improve your ERM program, Wheelhouse Advisors can help. Visit www.WheelhouseAdvisors.com to learn more.