This paper discusses how a company can successfully implement Enterprise Risk Management based on COSO guidelines. It covers a step-by-step process for the implementation plan at Dell Inc, the responsibilities of the workforce and management, the risk mitigation approach, and how to monitor the activities successfully.
Enterprise Risk Management
In the wake of all the financial scandals, a variety of laws and regulations have been passed which make the board of directors solely responsible for the financial results of their company. The Sarbanes-Oxley Act of 2002 was one of them, but it covers only a part of the total risks that a company faces. A much wider range of risks, such as strategic, operational and hazardous risks, lies outside it. To cover all the aspects of risk that an organization faces, companies are implementing the Enterprise Risk Management program, which means: "Enterprise risk management is a process, effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives." (COSO, 2004). In this paper I will be outlining a plan to implement enterprise risk management based on COSO recommendations for Dell Computers Inc.

The main step in implementing the ERM plan is to create a framework that defines what ERM will mean for the company, and to use this framework to develop a plan tailored to the company's needs. The company should assemble a team that is motivated to implement a successful ERM program. The team members can be selected from different departments, with each member representing one unit. The members selected should be committed and motivated towards implementing a successful risk management program. A team leader should be appointed who will oversee the developments. The team leader should be independent and an expert in risk management. The leader will work with the company's internal and external advisors. If any discrepancy in accounting or financial reporting is identified, the leader should immediately report the matter to the board of directors.

The representatives will bring the risks of their own business units to the leader, and the team as a whole can come up with a strategy or solution to mitigate these risks. Timely communication is integral to the success of this program. All the team members should be given training and assistance in all the areas. The members should have a clear knowledge of the objectives that are going to be achieved by this plan, and of why the company needs a plan at present. A separate committee should be formed to oversee the project. Communicating with the stakeholders before implementing this plan is important. By doing this, the company can find out whether the stakeholder objectives are aligned with the company's plans and policies. Communication with high-level management is also integral, because no program can be implemented without the involvement and consent of top management. Top management representatives such as the CEO and the CFO should therefore be included in this committee. A project charter should be created that outlines the objectives to be achieved and the responsibilities of the team members. The charter will clearly define the steps to take when a conflict arises, or if the company falls behind when implementing this plan. The main mission of this program should be to identify and mitigate all the risks that threaten shareholder value.

After creating a framework for the plan, the main risks should be identified. Risks can be identified in different ways, such as sending out questionnaires, interviewing, comparing with competitors or benchmarking. Assign a...