In December of 2001, Enron Corporation filed for bankruptcy protection (Sloan, 2006). Earlier that same year, Enron was touted as one of the top companies on Fortune magazine's Fortune 500 list, landing at number seven on the basis of its 100-plus billion dollars in revenues (Fortune, 2001). The events that took place at Enron unfolded throughout the early 21st century. The media zeroed in on the senior leadership at Enron, who were charged with various counts of fraud and misconduct that essentially led to the downfall of the large company. WorldCom was another company caught up in accounting fraud, in the realm of $11 billion (Jeter, 2006). Both of these incidents have set the stage for the current focus on corporate governance and accountability in the 21st century.
Describe the Situation
Countrywide Financial
Countrywide Financial is a mortgage-focused financial services company, and will be referred to as "CFC" throughout the remainder of this document. CFC is the number one loan originator in the United States, as well as the number two loan servicing company in the nation. This means that CFC handles a big piece of the money that flows through the economy of the world, and most specifically, within the United States. Being designated one of the biggest banks in the nation means that there are many responsibilities that CFC must take into consideration. CFC has been extremely aware of the regulatory environment, as well as the impact of SOX and other pieces of legislation that affect the business. The following report assumes that CFC does not currently have an Enterprise Risk Management (ERM) framework in place, and is looking into ways of building an ERM framework and program. In reality, CFC already has in place an extensive Risk Management function, as well as supporting functions, such as Compliance, SOX Framework, and Strategic Planning.
Environment for CFC
CFC is a publicly traded company on the New York Stock Exchange, as well as a chartered bank of the Federal Reserve. These facts mean that CFC is audited by many external entities; some of the more important include the Securities and Exchange Commission (SEC), the Federal Reserve Board (FRB), and the Office of the Comptroller of the Currency (OCC). Also, since CFC is publicly traded, the company must ensure that it reports its financials accurately, according to SEC guidelines. In this regard, CFC is no stranger to the regulatory environment introduced by legislation such as Sarbanes-Oxley and by recommendations from the Committee of Sponsoring Organizations of the Treadway Commission, otherwise known as COSO.
Frame the "Right" problem
By bringing together the Board of Directors, Senior Management, and Shareholders, CFC has an opportunity to implement governance controls that support the regulatory expectations as well as the corporate objectives. Enterprise Risk Management requires participation at all levels, from staff employees to senior management and even the Board of Directors (Chew & Gillan, 2005). At CFC, all aspects must come into play to leverage the necessary resources for an optimal solution to a regulated environment. Overall, any objective to implement an ERM program at CFC requires controls. There are three major categories of controls in relation to risk. The first control type is a preventative control. Preventative controls can be put in place to mitigate or stop a risk from being realized. Each risk that a company faces can potentially impact the value of the company, and preventative controls are strong because they reduce or eliminate the chance that a risk will arise. The second type of control is the detective type. Detective controls focus on the identification of risks. Unlike preventative controls, detective controls do not prevent a risk from being realized, but rather help to identify when it has occurred. Finally, corrective controls are used to mitigate the impact from a risk...