Enterprise Risk Management
Essay Preview: Enterprise Risk Management
Report this essay
Running head: ENTERPRISE RISK MANAGEMENT
Enterprise Risk Management
F. Bruce Creech
MBA560
Marina Fraiqun, Esq.
March 21, 2008
University of Phoenix
Enterprise Risk Management
Organizations are faced with all types of risks. Some risks can be internal or external and can result in total devastation of an organization. The Committee of Sponsoring Organizations of the Treadway Commission (COSO) was established in 1985 to study issues which could lead to fraudulent financial reporting. These findings were then recommended to public companies, independent auditors, the Securities Exchange Commission and other regulators, and various educational institutions (COSO, 2008). Unfortunately, many organizations failed to follow these guidelines and millions of employees and shareholders were affected by fraudulent activities within these organizations. Enron, Tyco, WorldCom, and Adelphia were some of the companies who reported fraudulent information regarding returns on investments and operating capital. As a result of these companies using fraudulent methods in accounting, legislation was passed in the SOX Act to punish those who felt the need to betray those who had invested money and trust into the organization.
In order to help eliminate or deal with the risks faced in today’s corporate community, an Enterprise Risk Management Plan (ERM) can be used. The ERM can help manage risks such as operational, business, regulatory, technical, system, management, reputation, and event risks (IBERM Solutions, 2008). The COSO website indicates, “Enterprises operate in environments where factors such as globalization, technology, regulation, restructurings, changing markets, and competition create uncertainty. Uncertainty emanates from an inability to precisely determine the likelihood that potential events will occur and the associated outcomes.” (COSO Executive Summary, 2003) An ERM will be developed for Rouse Mortuary and Crematory (RMS) in Greenville, NC. This paper will look at the risks and a plan established to help deal with the risks. By bringing unity to the ERM and SOX, the organization can be fully assured there will be no corporate compliance issues.
Rouse Mortuary and Crematory Background
Rouse Mortuary and Crematory is located in Greenville, NC near the Brody School of Medicine of East Carolina University. The organization does contract embalming for approximately 40 funeral homes, cremations for another 25 or so, and also provides transportation of human remains to various states and countries. Those who are deceased and require transportation to other countries are flown by common carrier and special permits are needed. There is an estimated case load of 3200 human remains that are dealt with on an annual basis. This volume brings significant risk. Not only are there state and federal laws and guidelines, but issues involving pricing, inflation, and non-payment of accounts, tax issues, and infectious diseases. Any of these risks could devastate the organization.
Goals of an ERM
The primary risk functions in large corporations that may participate in an ERM program typically include:
Strategic planning — identifies external threats and competitive opportunities, along with strategic initiatives to address them
Marketing — understands the target customer to ensure product/service alignment with customer requirements
Compliance & Ethics — monitors compliance with code of conduct and directs fraud investigations
Accounting / Financial compliance — directs the Sarbanes-Oxley Section 302 and 404 assessment, which identifies financial reporting risks
Law Department — manages litigation and analyzes emerging legal trends that may impact the organization
Insurance — ensures the proper insurance coverage for the organization
Treasury — ensures cash is sufficient to meet business needs, while managing risk related to commodity pricing or foreign exchange
Operational Quality Assurance — verifies operational output is within tolerances
Operations management — ensures the business runs day-to-day and that related barriers are surfaced for resolution
Credit — ensures any credit provided to customers is appropriate to their ability to pay
Customer service — ensures customer complaints are handled promptly and root causes are reported to operations for resolution
Internal audit — evaluates the effectiveness of each of the above risk functions and recommends improvements (ERM, 2003)
While these goals are geared to larger companies with ties to the NYSE and SEC, similar versions will work in a smaller organization as well. Modification of these goals will aid Rouse Mortuary and Crematory to insure they comply with all regulations and laws sanctioned by the funeral industry.
Management Controls
Preventive Controls
Preventive controls are used on a daily basis to assist managers accomplish the objectives of the organization. Preventive controls are designed to discourage errors or irregularities (NOAA, 2005). In the case of RMS, a type of preventive control would be to make those customers with outstanding balances pay on per-call basis. This preventive control would keep the accounts receivables from getting out of control. Another control would be to have all computers within the system be password protected. This control would prevent unauthorized access to privileged information.
Detective Controls
Detective controls are designed to identify an error or irregularity after it has occurred (NOAA, 2005). To reduce expenses, the owner of RMS could have the bookkeeper to monitor phone bills to ensure personnel are not making any long-distance calls. Another control would be to monitor the monthly reports to insure all reporting is accurate. If not, then