Studies of Risk Management
Enterprise-wide risk management is an emerging concept that has gained in popularity over the past decade. The recognition of a more risky business operating environment and, at the same time, increased accountabilities has led several professional organizations to address control and risk assessment in major publications. In addition, several of the Big Five accounting firms have produced documents expounding the value of enterprise-wide risk management.
In 1992, the Committee of Sponsoring Organizations of the Tread-way Commission (COSO) issued Internal ControlIntegrated Framework (ICIF).12 This pathfinding document departed from the traditional internal accounting control model by presenting a broad control framework of five interrelated components: control environment, risk assessment, control activities, information and communication, and monitoring. According to the document, control is the responsibility of the board of directors, management, and other personnel within the organization, not just the accountants. Particularly relevant is the identification of risk assessment as a vital component of control.
The growing importance of risk management is evidenced by the following major publications issued by professional groups since ICIF was published:
Economist Intelligence Unit (in cooperation with Arthur Ander-sen & Co.), Managing Business RisksAn Integrated Approach (1995).
Canadian Institute of Chartered Accountants Criteria of Control Board, Guidance for Control (1995).
The Conference Board of Canada (by L. Nottingham), A Conceptual Framework for Integrated Risk Management (1997).
American Institute of Certified Public Accountants, Report of the Special Committee on Assurance Services (1997).
Canadian Institute of Chartered Accountants Criteria of Control Board, Learning About Risk: Choices, Connections and Competencies (1998).
Institute of Internal Auditors Research Foundation (by D. McNamee and G. M. Selim), Risk Management: Changing the Internal Auditor's Paradigm (1998).
International Federation of Accountants Financial and Management Accounting Committee (prepared by Pricewaterhouse-Coopers), Enhancing Shareholder Wealth by Better Managing Business Risk (1999).
Joint Australian/New Zealand Standard, Risk Management (1999).
Canadian Institute of Chartered Accountants Criteria of Control Board, Guidance for DirectorsDealing With Risk in the Board-room (1999).
The Institute of Chartered Accountants in England and Wales Internal Control Working Party, Internal Control: Guidance for Directors on the Combined Code (1999).
American Institute of Certified Public Accountants/Canadian Institute of Chartered Accountants Risk Advisory Services Task Force, Managing Risk in the New Economy (2000).
While a few of these publications include case studies analyzing companies' experiences implementing risk management, most of the studies tend to advocate a particular generalized framework for risk management. Each of the publications listed, as well as others, appears in the annotated bibliography in appendix C.