is a discipline for living with the possibility that future events may cause adverse effects.
Companies have struggled partly because IT risk management
is a newly emerging field where the traditional models of risk management
do not always cleanly apply.
Whatever the enterprise's proxy for measuring value, the most important contribution of risk management
is to help executives make better strategic choices.
While corporate scandals and tightening regulation have caused roughly two-thirds of companies surveyed to reassess their risk management
strategies, fewer than half of the companies surveyed have done so in response to the threat of terrorism, and only one in four has done so as a result of growing climatic and natural hazard risks.
COSO recognizes that while many organizations may be engaging in some aspects of enterprise risk management
, there has been no common base of knowledge and principles to enable boards and senior management to evaluate an organization's approach to risk management
and assist them in building effective programs to identify, measure, prioritize and respond to risks.
Developing a Records and Information Risk Management
Following the tragic events of "9-11," as Americans, we do not think it would be a bold statement to say people of Middle Eastern descent are now experiencing numerous risk management
issues in their lives.
An effective integrated enterprise risk management
system could have prevented or detected many of the activities that caused the recent events at WorldCom, Enron, Tyco and other companies.
CROs from financial services have a "perfect profile," she says, which includes: review of banking regulations, participating in annual Securities and Exchange Commission (SEC) meetings, working with credit rating agencies, overseeing and defining risk management
policies in compliance with Sarbanes-Oxley and Basel II, meeting with major investors and responsibility for internal controls.
If the clients open up and let the broker know their goals and how their company views risk management
, the broker can then respond to assist the risk manager and the company.