Page 670 - Encyclopedia of Business and Finance
Risk Management
RETIREMENT PLANNING
SEE Personal Financial Planning

REWARD SYSTEMS
SEE Employee Benefits; Employee Compensation

RISK MANAGEMENT

Risk management is a term that pervades a number of different areas of human interest. At the ultimate level of risk management, political leaders and government officials must assess the risk of natural disasters, terrorist attacks, and nuclear war—events that threaten human existence. For public health officials and hospital administrators, risk management entails the reduction of mortality due to disease and infection. For transportation safety engineers, risk management focuses on preventing or reducing deaths and injuries caused by accidents. Insurance companies and their customers view risk management as entailing the assessment and mitigation of various types of risks, often with the goal of reducing the costs of insuring against such risks.

For bankers and lenders, risk management involves credit analysis and techniques such as currency hedging and interest rate swaps that reduce credit and lending risks. For the business manager, risk management necessitates the assessment of future market fluctuations both on the sales and supply sides of an enterprise and creating plans to mitigate the effects of these fluctuations. In sum, risk management addresses the possibility that future events may cause adverse effects and entails an attempt to mitigate the impact of these effects.

Risk management draws upon knowledge and skills derived from various disciplines, including statistics, economics, psychology, sociology, epidemiology, biology, engineering, toxicology, systems analysis, operations research, decision theory, and international relations. Because of the wide diversity of risk management topics, this entry addresses only a small portion of the total, concentrating on risk management from the perspective of higher levels of a business enterprise. The specific risk management techniques will not be addressed, but the focus will instead be on components of risk management that are important to business enterprises. Ultimately, risk management can provide assurance to shareholders, creditors, employees, customers, and other interested parties that a business is being well managed, and it can provide important evidence about compliance with relevant laws and government regulations.

INTERNAL CONTROL

An important contribution to the field of risk management for business enterprises has been provided by the Committee of Sponsoring Organizations (COSO) of the National Commission on Fraudulent Financial Reporting (Treadway Commission). The Treadway Commission was created in 1987 in the wake of several major financial frauds. The sponsoring organizations include the American Accounting Association, American Institute of Certified Public Accountants, Financial Executives International, the Institute of Management Accountants, and the Institute of Internal Auditors.

In 1992 COSO issued the report Internal Control—Integrated Framework, which has become the most widely recognized framework for internal control in the United States. Section 404 of the federal Sarbanes-Oxley Act of 2002 requires the management of public companies to issue annual internal control reports which include a statement that management is responsible for establishing and maintaining an adequate internal control structure, as well as procedures for financial reporting, and is to make an assessment of the effectiveness of the internal control structure and the procedures for financial reporting.

Section 404 also requires the company’s independent auditor to issue a report on management’s assessment of internal control. Public Companies Accounting Oversight Board (PCAOB) Standard No. 2 specifically recognizes the COSO Internal Control—Integrated Framework as establishing the criteria for effective internal control over financial reporting.

ENTERPRISE RISK MANAGEMENT

Because the Sarbanes-Oxley Act and the COSO Internal Control—Integrated Framework are directed primarily toward internal control and transparency in financial reporting, COSO became concerned that there was a need for a broader framework to identify, assess, and manage enterprise risks. Consequently, in 2004 COSO issued Enterprise Risk Management: Integrated Framework. This document is not intended to replace the COSO internal control framework. Rather it incorporates the internal control framework and recommends that companies use the enterprise risk management framework to both satisfy their internal control needs and to develop a more complete risk management process.

According to COSO, the underlying premise of enterprise risk management is that every entity exists to provide value for its stakeholders. Because all entities face uncertainty, the challenge for management is to determine
ENCYCLOPEDIA OF BUSINESS AND FINANCE, SECOND EDITION 647

