Standard & Poor’s ERM Analysis Expected to Raise Profile of Corporate Risk
Standard & Poor’s (S&P) has released its long-awaited direction on how it will incorporate Enterprise Risk Management (ERM) into its business analysis and reporting. This development is going to impact all kinds of businesses, so S&P is going to take it slow: it isn’t expected to include ERM in its ratings until Q3 2009. Still, companies should consider reviewing their GRC strategies, or developing one if they have none.
S&P regards ERM as:
- An approach to assure the firm is attending to all risks;
- A set of expectations among management, shareholders and boards of directors regarding which risks the firm will and will not take;
- A set of methods for avoiding risk exposure that would be outside of the organization’s tolerance;
- A method to shift focus from “cost/benefit” to “risk/reward;”
- A way to help fulfill a fundamental responsibility of a company’s board and senior management;
- A toolkit for trimming excess risks and a system for intelligently selecting which risks need trimming; and
- A language for communicating the firm’s efforts to maintain a manageable risk profile.
S&P is expected to assure the market that companies aren’t expected to eliminate all risks. But it’s prudent to show that the enterprise’s risks are known and well managed. That’s another reason why an integrated software platform that helps managers monitor and manage risk across the enterprise is a C-suite imperative right now.
Tags: corporate risk enterprise risk management erm grc s&p standard poor
May 21st, 2008