Long Term Compliance

Companies that are publicly traded rely on investors to help their company grow. Without the extra revenue that investors provide, many companies will go bankrupt. Investors use a variety of tools to help them make educated decisions; one such tool is provided by a company called Standard & Poor’s (S&P).

Standard & Poor's credit ratings are designed primarily to provide relative rankings among issuers and obligations of overall creditworthiness; the ratings are not measures of absolute default probability. Creditworthiness encompasses likelihood of default, and also includes (i) payment priority, (ii) recovery, and (iii) credit stability. (S&P, 2009)

How are the credit ratings calculated?

The answer to that question goes beyond the scope of this essay, but one of the variables is new to the formula. That variable is Enterprise Risk Management (ERM). S&P states,

“This enterprise risk management initiative is an effort to provide more in-depth analysis and incisive commentary on the many critical dimensions of risk that determine overall creditworthiness.”
(Standard and Poors, 2009)

Investors using S&P as a source of creditworthiness will utilize the ratings provided to help make educated decisions before investing their capital. What exactly does this mean for publicly traded companies? Choosing to ignore ERM can now have a major financial impact on your ability to generate revenues. To avoid this impact, companies are now implementing Enterprise Risk Management as part of the overall business plan. (SearchCIO, 2008)

In order for corporations to build a reliable Enterprise Risk Management Solution, they will need to think long-term. COSO provides an integrated framework for executives to align organizational goals and the goals that encompass risk management.

COSO's main objectives are to assist organizations regarding:

1) effectiveness and efficiency of operations

2) reliability of financial reporting

3) compliance with applicable laws and regulations

Each of these objectives can be analyzed in light of the interrelated components of an organization's control environment, risk assessment, control activities, information and communication, and monitoring. (Carolyn A. Sigg, 2002)

Implementing a framework like the one set out by COSO can be considered a long-term goal. Two areas of Risk Management that are essential to long-term success are Risk Assessment and Risk Prevention. Creating a risk assessment life-cycle plan will help you achieve long-term goals for assessing risk.

The life-cycle for risk assessment can be broken down into four main focuses:

1) Goal Definition and Scoping

2) Inventory Risk Analysis

3) Impact Risk Assessment

4) Interpretation of the Risks (Scientific Applications International Corporation, 2006)

When considering long-term risk assessment, implementing these four steps will help you identify, assess, and prioritize your risks. Once you have identified your risks, the next step is to mitigate, prevent, or ignore them.

Risk prevention is about taking action to prevent risks identified during the risk assessment phase. Prevention can come in many forms, such as policy, training, monitoring, and security.

According to COSO’s Guidance on Monitoring Introduction, the monitoring guidance further suggests that these principles are best achieved through monitoring that is based on three broad elements:

1) Establishing a foundation for monitoring

2) Designing and executing monitoring procedures

3) Assessing and reporting results (COSO, 2009)

These three steps help with risk prevention by creating a long-term risk prevention life-cycle process.

The key to long-term risk assessment and prevention is implementing life-cycles that allow you to create and monitor processes that allow continuous improvement.

By: Joseph Dustin