IMA Statement on ERM Implementation
ERM is a concept used by organizations to identify, assess and manage risks to meet objectives and remain accountable to their stakeholders. It approaches risk from a holistic view across the enterprise.
Titled "Enterprise Risk Management (ERM): Tools and Techniques for Effective Implementation," the new statement is available in electronic format (PDF) free of charge on IMA's Web site, www.imanet.org/smas.
Authored by William G. Shenkir, Ph.D., CPA, and Paul L. Walker, Ph.D., CPA, both of the McIntire School of Commerce, University of Virginia, the statement is the authors' second piece on the topic of ERM. Their first, titled "Enterprise Risk Management: Frameworks, Elements, and Integration," was issued in January 2007 and provides a foundation for understanding the concept of ERM.
What makes this statement relevant to American business is the need for risk-based approaches in Sarbanes-Oxley (SOX) compliance programs, according to Jeff Thomson, IMA vice president of Research and Applications Development.
"The Securities and Exchange Commission is promoting top-down, risk-based guidance for management of SOX compliance programs," said Thomson. "While the SEC's point-of-view is principles-based, practitioners will still be looking for practical ways to implement a truly cost-effective, risk-based approach to assessing the effectiveness of their internal controls over financial reporting. This [statement] will help organizations of all sizes best approach SOX compliance requirements and can be leveraged for use in other value enhancing activities."