How to Ensure ERM Works at Small Companies, Too

Document Sample
How to Ensure ERM Works at Small Companies, Too Powered By Docstoc
					How to Ensure ERM Works at Small Companies, Too
By Bill Stephens                               who would put his company at risk for         has been solidified, then you can consider
Compliance Week Guest Columnist                the potential income, without adequately      using a good software program for mea-
Senior Audit Consultant,        evaluating the potential loss. A good ERM     suring your performance.
                                               program would have captured these types          The following are examples of man-

I  n my 34 years of experience as an inter-
   nal auditor, I’ve seen a wide variety of
enterprise risk management control fail-
                                               of loss exposures with effective mitigating
                                                   I am not as worried about large banks
                                                                                             ual ERM processes I’ve performed that
                                                                                             strengthened the company’s operations
                                                                                             and prevented potential losses.
ures. And to my thinking, they all share       because national bank examiners put so
one common denominator: a failure by           much pressure on controls, compliance,            Example 1: At an independent bank, the
the board or the CEO to implement an ef-       and regulations that the only question is     examiners had made a comment on large
fective ERM program that addressed the         how quickly and effectively the ERM pro-      Currency Transaction Reports (CTR)
right risks.                                   grams will be implemented. At small and       and adherence to the Bank Secrecy Act.
    That has become all the more clear in      mid-sized institutions, however, I suspect    To rectify the exposure and keep our au-
light of the financial crisis of the last 18   the boards and senior management still        dit independence, we had the branches
months, where many banks failed to un-         see these programs as an expense rather       send all CTRs and suspicious transactions
derstand the risks confronting them—and        than an investment. In reality, boards        to us (the internal audit department) for
then just failed, period. An effective ERM     should be the biggest supporters of ERM       review before they were sent to the IRS.
program might not have prevented all           because this will be their tool for moni-     For almost a year we maintained a month-
these failures, but it certainly would have    toring and evaluating the performance of      ly spreadsheet, by branch, of all CTRs re-
identified the risk exposures sooner.          their company.                                ceived and the ones that had to be returned
    A paper by Paisley, “ERM Assessment            The one key factor is that the board      for corrective action before mailing. The
Guide,” had an interesting breakdown of        must ensure that its ERM program is           results identified which branches or tell-
the root causes of bank failures. Paisley      developed and implemented correctly;          ers needed the most training, and we were
identified four typical causes: 49 percent     otherwise, the ERM effort won’t be cost-      able to keep errors to a minimum.
were the result of inadequate board su-        effective. Garbage in, garbage out. The           In reality, boards should be the biggest
pervision; 37 percent were due to the pres-    foundations of effective ERM programs         supporters of ERM because this will be
ence of a dominant figure such as a CEO        should be:                                    their tool for monitoring and evaluating
or chairman; 32 percent stemmed from an                                                      the performance of their company.
over-reliance on volatile funding sourc-       »   Identify your key risks and loss ex-          We had also emphasized the impor-
es; and 26 percent were from excessively           posure areas and develop indicators/      tance of suspicious transactions as part
growth-oriented philosophies.                      trigger points to measure their per-      of the review process, and one branch
    Of course, in reality, most failures           formance, so that changes in any areas    notified me about a young lady making
trace back to a combination of causes that         of risk (like mortgage-backed securi-     $5,000 cash deposits every other day. Our
cascaded out of control. But in my experi-         ties) will raise an alert that must be    reporting of the incidents ul
Description: A global leader in serving libraries of all types, ProQuest LLC (“ProQuest”) supports the breadth of the information community with innovative discovery solutions that power the business of books and the best in research experience. More than a content provider or aggregator, ProQuest is an information partner, creating indispensable research solutions that connect people and information. Through innovative, user-centered discovery technology, ProQuest offers billions of pages of global content that includes historical newspapers, dissertations, and uniquely relevant resources for researchers of any age and sophistication—including content not likely to be digitized by others.
ProQuest creates specialized information resources and technologies that propel successful research, discovery, and lifelong learning.