IMPLEMENTATION OF ENTERPRISE RISK MANAGEMENT (ERM) TOOLS - A CASE STUDY by ProQuest

VIEWS: 126 PAGES: 18

More Info
									                                                                                                             87

       IMPLEMENTATION OF ENTERPRISE RISK
      MANAGEMENT (ERM) TOOLS – A CASE STUDY
                                Ananth Rao, University of Dubai

                                                ABSTRACT

         This case study in illustrates how one private sector organization (Case A), uses ERM within its
strategic control process. The strategic framework adopted by the case company encompasses objective
setting, risk identification, risk assessment, application of value at risk (VAR) as a quantitative risk
assessment technique employed by the case company, and portraying risk assessment analyzed in Section A.
This case study demonstrates the prudence and practicality of the recommendations of COSO (2004)
framework and Turnbull report for integrating the management of risk and organizational performance in
general as part of a coherent approach to corporate governance.

Key Words:               Implementing ERM, COSO Framework, Risk Analysis
JEL Classification:      C15, C51, G32, L21,

                                             INTRODUCTION

         Risk and the need to manage it is nothing new. Hoffman observes that Maslow implicitly recognized
risk in his famous hierarchy of needs by placing food and shelter, both essential to survival and the first rung
of the ladder (Hoffman, 2002). A failure to manage the risk of these needs not being met can have
catastrophic results, as much for organizations today as it was for the earliest life forms. Bernstein cites the
impact of wars on markets, and storms and piracy on shipping routes as much as some of the major risks faced
and managed by our predecessors (Bernstein, 1996a). He also notes that only 350 years separate today’s risk
management techniques from decisions made on the basis of superstition and instinct (Bernstein, 1996b).

Are risk concepts today new to organizations?

        If risk is nothing new to organizations, why is risk management generating rising levels of interest
at present as seen by the growing volume of current literature on the topic? For example, Stevenson et al
propose that heightened levels of competition and a rapid pace of change are destroying predictability for
organizations, implicitly raising the levels of risk faced (Steveneson, 1995), while Lewis claims that modified
competitive, technological, social, and political circumstances have magnified the potential impact of
operations-related failure (Lewis, 2003). Delamontagne and Witzel echo this in stating that events such as
the September 11th terrorist incident in New York and the Enron meltdown have moved risk management
higher on the business agenda (Delamontagne, 2003; Witzel, 2002). Hoffman (2002) maintains that watershed
changes in society, technology, science, and the interconnected nature of global society and business make
the subjec
								
To top