مقاله سال ۲۰۱۶

Historically, risk management was viewed very narrowly and handled separately in silos. Under this fragmented view of risk, businesses focused on specific potential events that could be insured against (e.g., property, safety, health). In financial areas, the focus was on interest rate risk, currency risk, or commodity risk (Kloman, 2010). In the mid- 1990s a number of publications began advocating to businesses that risk management should include all risks, not just specific ones that are easier to quantify, and that risks should be managed as a portfolio across the enterprise. Leading the way were the Australian/New Zealand Risk Management Standard 4360, Tillinghast-Towers Perrin, and the Conference Board of Canada. The Australian/New Zealand Risk Management Standard was first published in 1995 and the Canadian Standards Association (1997) soon followed with its version that added ‘communication’ and ‘consultation’ to the framework (CAN/CSA-Q850-97). The Australian/ New Zealand Standard was then re-issued (Standards Australia/Standards New Zealand, 1999) with updates, including the Canadian additions.

The 1990s saw an increased emphasis on governance, risk, and control, with several important publications moving forward the concepts of governance and risk management. These included the Group of Thirty report (USA), CoCo (the criteria of control model developed by the Canadian Institute of Chartered Accountants), the Toronto Stock Exchange Dey report (Canada), and the Cadbury report (UK). During this period, many thought of enterprise risk management (ERM) as just another flavor-of-the-month management technique, especially since it was often consultants who pushed for it–—with their guidance, of course.

ERM has come a long way since we began researching the topic at the beginning of this century. Much has been written about it and the concepts are now well enough entrenched that ERM is likely here to stay. Many misconceptions exist about ERM, however, such that someone starting on the implementation journey islikely to be confused. Furthermore, a number of additional drivers for ERM have emerged: rating agencies (particularly Standard and Poor’s and Moody’s, which include assessments of ERM in their methodologies); regulators; and, in the United States, the Committee of Sponsoring Organizations of the Treadway Commission (COSO), which in 2004 developed its own ERM framework, lending credibility to the concept of ERM among U.S. management and boards.