Risk Oversight
Risk Assessment and Oversight
Traditionally, audit committees have focused on understanding a company's financial reporting and the related risk management programs. Today, audit committees have broadened their horizon to include an understanding of the broader risks affecting the company, as well as the company’s overall risk management program.
These risks may be related to the organization’s strategy, operations, and compliance with environmental, health, safety, legal, and regulatory requirements. Therefore, audit committees should develop a thorough understanding of the company's overall risk management processes across the enterprise.
A growing number of tools are available to help companies manage enterprise risks, including risks associated with financial reporting; assess the potential impact of risks and the degree of vulnerability; and link risks to specific management areas and activities in the organization.
Authoritative Guidance
- OSC Staff Notice 51-720, Issuer Guide for Companies Operating in Emerging Markets (34-page PDF file)
- Staff Audit Practice Alert No. 8, Audit Risks in Certain Emerging Markets (PCAOB, 22-page PDF file)
- Disclosure Guidance Addressing Cybersecurity Reporting Considerations (SEC)
- Board Proposes New Auditing Standards Related to the Auditor's Assessment of and Responses to Risk (PCAOB)
- COSO Enterprise Risk Management - Integrated Framework
Thought Leadership - Risk Assessment
- Risk Management and Macroeconomic Uncertainty: Short-term Consequences of Long-term Risk (MSCI, 7-page PDF file)
- A Framework for Board Oversight of Enterprise Risk (CICA, 88-page PDF file)
- What's Your Risk Attitude? (And How Does It Affect Your Company?) (Harvard Business Review)
- Risk Appetite & Tolerance Guidance Paper (Institute of Risk Management, 42-page PDF file)
- Boards and Risk: A summary of discussions with companies, investors and advisers (UK Financial Reporting Council, PDF)
- Calculated risk? The view from the boardroom (Korn/Ferry Institute, 16-page PDF file)
- Risk Oversight: Is it Broken? What are the New Expectations? (Risk Oversight, 8-page PDF file)
- Board Risk Oversight Survey Report (COSO, PDF)
- 20 Questions Directors Should Ask about Risk (CICA, PDF)
- 20 Questions Directors Should Ask about Strategy (CICA, PDF)
Thought Leadership - Risk Management Effectiveness
- The 2013 COSO Framework & SOX Compliance (COSO, 2013/05/31, 9-page PDF file)
- Risk Management Beyond VaR (David M. Rowe Risk Advisory, 22-page Word file)
- Corporate Risk Managers Suggest They Are Increasingly Prepared for a Variety of Risks, Says New Towers Watson Survey (Towers Watson, 6-page PDF file)
- Global Risk Management Survey 2013 (Aon, 124-page PDF file, Free Registration Required)
- Guide to Internal Control Over Financial Reporting (Center for Audit Quality, 16-page PDF file)
- Pension risk management issues for CFOs (Mercer, Canadian Financial Executives Research Foundation, 2013/28, 48-page PDF file)
- Integrating risk into performance: Reporting to the board of directors (CGMA, 12-page PDF file)
- Evaluating and Improving Internal Control in Organizations (IFAC, 25-page PDF file)
- Strong Links for Effective Risk Management (The Institute of Internal Auditors, 4-page PDF file)
- Risk Management in a Time of Global Uncertainty (Harvard Business Review, 2012/03, PDF)
- Contemporary Practices in Risk Management (The Institute of Internal Auditors, PDF)
- Embracing Enterprise Risk Management: Practical Approaches for Getting Started (COSO, PDF)
- Developing Key Risk Indicators to Strengthen Enterprise Risk Management (COSO 2, PDF)
- State of Enterprise Risk Management Survey Report (COSO, PDF)
- A Unified Approach to Risk Management (AICPA, PDF)
- Guidance on Improved MD&A Risk Reporting (CICA)