Emerging governance practices in enterprise risk management

As the oversight role of the corporate board in Enterprise Risk Management (ERM) expands, companies feel the need to fill a knowledge gap on effective risk governance practices. The concept of correlating risk management, governance, and strategy in an enterprise-wide structure first appeared in the midst of merger frenzy of the late 1980s. At the time, many executives and strategists acknowledged that the enormous amount of risk undertaken through a series of corporate combinations was often not justified by a sound analysis of long-term prospects. In the 1990s, the debate continued and increasingly drew the attention of the business community, only to be obfuscated by the more exclusive focus on financial and accounting risks resulting from the wave of scandals of the Enron era. A few years into the implementation of the Sarbanes-Oxley Act of 2002, corporations are now ready to leverage their experience with mandatory internal control procedures to establish a more comprehensive ERM infrastructure. In response to the need for guidance in the design and implementation of ERM, The Conference Board instituted a case-study based Research Working Group on Enterprise Risk Management with select risk and governance officers. Intended as a complement to the recent paper on The Role of U.S. Corporate Boards in Enterprise Risk Management (by Carolyn K. Brancato, Matteo Tonello, and Ellen Hexter), this study presents an overview of the research group's findings, including insights from five case studies of companies at the forefront of ERM:- Bristol-Myers Squibb Company - Capital One Financial Corporation - International Paper - MetLife, Inc. - Moody's Investors Service The paper also outlines a risk governance "road map," with a detailed discussion of the oversight role of corporate boards in each stage of ERM development and execution.