
By Ken Pun
Caporicci & Larson, Certified Public Accountants
In September 2004, the Committee of Sponsoring Organizations of the Treadway Commission published the Enterprise Risk Management – Integrated Framework. Its objective is to help the management of businesses and other entities better deal with risk in achieving an entity’s objectives. To do so, the publication expands the discussion on internal control and provides extensive focus on the subject of enterprise risk management. It is not intended to and does not replace the Internal Control Framework, but entities should consider the enterprise risk management framework together with the original internal control framework to satisfy their needs and move toward a fuller risk management process.
The main challenge facing all management is to maximize value with limited resources. Uncertainty is a factor that management should evaluate on an ongoing basis. Enterprise risk management enables management to deal effectively with uncertainty and the associated risk and opportunity, enhancing the capacity to build value.
By definition, enterprise risk management is a process, effected by people at every level within an organization, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.
To help management understand and achieve the entity's objectives, the framework establishes four categories of objectives:
1. Strategic
2. Operations
3. Reporting
4. Compliance
In addition, the framework serves as an additional tool for evaluating internal control and introduces the following eight key components:
1. Internal Environment
2. Objective Setting
3. Event Identification
4. Risk Assessment
5. Risk Response
6. Control Activities
7. Information and Communication
8. Monitoring
There is a direct relationship between the four categories of objectives and the eight key risk management components. The framework gives management tools to determine whether the eight components are present and functioning effectively in each of the four categories of objectives.
Enterprise risk management encompasses:
1. Aligning risk appetite and strategy
2. Enhancing risk response decisions
3. Reducing operational surprises and losses
4. Identifying and managing cross-enterprise risks
5. Providing integrated responses to multiple risks
6. Seizing opportunities
7. Improving deployment of capital
Limitations always exist, such as faulty human judgment, cost-benefit decisions on establishing controls while responding to risk, breakdowns, management overrides, etc. Therefore, the enterprise risk management cannot provide an absolute
In conclusion, enterprise risk management cannot prevent bad judgments or decisions, or external events that can cause a business to fail to achieve its operations goals. However, the framework can provide reasonable assurance that management is made aware, in a timely manner, of the extent to which the entity is achieving its objectives.