Monday, March 02, 2009

We should be asking ourselves these questions

From S&P ERM Review Discussion Questions :

a. What are the company's top risks, how big are they, and how often are they likely to
occur? How often is the list of top risks updated? Do we know what are the company top risks?
b. What is management doing about top risks? At the enterprise wide level? Business level? Entity specific?
c. What size quarterly operating or cash loss has management and the board agreed is
tolerable? Do we have an approach determining the risk appetite taking into consideration all risks faced by the organization?
d. Describe the staff responsible for risk management programs and their place in the
organization chart. How do you measure success of risk management activities? Is risk management a success by having a framework but lacks implementation?
e. How would a loss from a key risk impact incentive compensation of top management
and on planning/budgeting?
f. Tell us about discussions about risk management that have taken place at the board
level or among top management when making strategic decisions. How do we frame risks in these strategic decisions?
g. Give an example of how your company responded to a recent “surprise” in your
industry and describe whether the surprise affected your company and others
differently. How did we respond to the Financial Crisis and what came out of that?
.

No comments: