Enterprise Risk Management: No Company Is Spared

"Just when you thought Sarbanes Oxley concerns had been sufficiently addressed so that non-public companies could take the issue off their dashboard, things have changed, " says Gary W. Patterson, Enterprise Risk Management expert and speaker. He forewarns that Enterprise Risk Management (also referred to as ERM) will soon become a business issue for almost every business on the planet, including family-owned businesses, private companies, and nonprofits. This is a strategy shift for many of these organizations, which up until this point thought Sarbanes Oxley (sometimes affectionately known as Sarbox) applied only to public companies, and big ones at that.

One major reason for this sea change in philosophy is that both Standard & Poor and Moody are soliciting comments on their approach to ERM analysis and how they plan to factor it into their ratings. Their discussions will accelerate activity under way where bankers, governmental organizations, and regulators, in particular, have been considering the need for stronger corporate governance. For them Sarbox is an easily obtainable platform to use for drafting programs they believe should exist in corporations directly or indirectly under their jurisdiction. Lest you have any doubts, note how user friendly definitions from Wikipedia describe this trend.

"In business, enterprise risk management (ERM) includes the methods and processes used by organizations to manage risks (or seize opportunities) related to the achievement of their objectives. ERM provides a framework for risk management, which typically involves identifying particular events or circumstances relevant to the organization's objectives (risks and opportunities), assessing them in terms of likelihood and magnitude of impact, determining a response strategy, and monitoring progress. ERM can also be described as a risk-based approach to managing an enterprise, integrating concepts of strategic planning, operations management, and internal control. ERM is evolving to address the needs of various stakeholders, who want to understand the broad spectrum of risks facing complex organizations to ensure they are appropriately managed. Regulators and debt rating agencies have increased their scrutiny on the risk management processes of companies." per wikipedia.

Exactly when ERM programs will be implemented is a tougher question. Understandably, non-public companies have a range of reasons for preferring to delay the time when ERM factors will apply to them. However, the question is WHEN - not IF - some form of Enterprise Risk Management requirements will be applied. Family-owned business, other forms of private companies, and non-profits have been forewarned in a number of publications, speeches, and white papers over the last two years.

Some will say that we are drowning in white papers on ERM, corporate governance, Board of Directors, and risk analysis available and dismiss the issue. But those who are proactive, not reactive, will find the time well spent if they begin some level of enterprise risk management dialogue before something critical happens and your company is being second guessed by the ratings agencies, your auditors, or worse yet, a trial attorney.

The topic most companies neglect at their peril is the impact of a fast-approaching clean-energy-influenced economy. Here, we must reassess how much sooner we need to think about a renewable energy world as it relates to areas of your business that will be impacted both positively and negatively, and how that will change your company's current and long range business plans, including the magnitude of those changes. After all, most C-level executives and their top management teams that I know do not like being second guessed and blind sided.