Making Enterprise Risk Management Pay Off. - Review - book review

Internal Auditor, June, 2001 by Curtis C. Verschoor

by Thomas L. Barton, William G. Shenkir, Paul L. Walker

ISBN 1-885065-21-3

2001; 250 page; $75.00

Published by the Financial Executives

Research Foundation, Inc.

Phone Orders (U.S. and Canada only): 800-680-FERF.

Outside the U.S.: 1-770-751-1986

Web site: www.ferf.org

N MAKING ENTERPRISE RISK Management Pay Off, the authors discuss the many risk matters of which internal auditors should be aware to effectively serve the needs of management and the board of directors. The authors suggest that risk management provide a forward-looking strategic evaluation, monitoring, and disposition of both risks and opportunities. Beginning with a helpful discussion of the contextual factors causing the rapidly escalating interest in enterprise risk management (ERM), the book also provides a list of the major materials published on the subject since the Committee of Sponsoring Organizations of the Treadway Commission (COSO) issued its landmark internal control framework in 1992.

The authors substantiate the need for enterprise-wide attention to risk assessment, evaluation, and mitigation and note the factors that have brought about this approach. These factors include the effects of globalization, increasing speed of technological advancements, heightened merger activity, greater customer expectations, pervasive effects of widespread downsizing, and changes in the regulatory environment. The book reflects the authors' enthusiasm for ERM as a process and management tool and does not contain warnings of negative factors that might inhibit its successful implementation.

Most of the book is devoted to describing the ERM experiences of five companies in various industries: Chase Manhattan Corp. (now JP Morgan), E. I. Dupont de Nemours and Company, Microsoft Corp., United Grain Ltd., and Unocal Corp. All leaders in their fields, each company approaches ERM from a unique perspective. Because most of the major ERM elements are in place and working, the authors conclude that one approach is not right for every situation.

"Lessons Learned from the Case Studies" compares the various aspects of ERM across each of the study companies and sets forth the common insights the companies gained while implementing ERM processes. Conclusions are presented in 18 value lessons, ranging from the seemingly obvious to the critically important. Lesson No. 1 suggests, "A cookbook recipe for implementing enterprise-wide risk management is not feasible because so much depends on the culture of the company and the change agents who lead the effort." Lesson No. 18, which may not be sufficiently recognized by many internal auditors, states: "A prerequisite for implementation of enterprise-wide risk management is the commitment of one or more champions at the senior management level." For example, at Microsoft, the treasurer and leader of the risk group points out, "At the end of the day, the chief risk officer is Bill Gates."

The Risk Management Quiz at the back of the book, is a key benefit for readers in organizations beginning to investigate ERM. The one-page matrix provides a framework for assessing an organization's existing risk management strategy and facilitates a comparison of the level of perceived significance of the most important risks facing the organization with current management effectiveness in managing them. The size and direction of the gap between the two identifies in relative terms which risks may be over-managed or under-managed and by how much. Thereafter, the authors pose a series of questions leading to the steps needed to implement an effective ERM process.

This well-organized, compact book is full of insights that internal auditors and others with an interest in the area will find extremely helpful. If you read only one book on ERM, this should be the one. If you're planning to read more than one, get this one first and use the book's annotated bibliography to choose others. The book is a must-read for internal auditors considering how their function can better use the forward-looking, broadly focused perspective of the ERM process in all of its activities.

CURTIS C. VERSCHOOR is the Quill Research Professor in the School of Accountancy at DePaul University in Chicago.