8. Legislators and regulators.
Legislators and regulators can affect the ERM approach of many organizations, either through requirements to establish risk management mechanisms or systems of internal controls (for example, the U.S. Sarbanes-Oxley Act of 2002) or through examinations of particular entities (for example, by federal and state bank examiners). Legislators and regulators may establish rules that provide the impetus for management to ensure that risk management and control systems meet certain minimum statutory and regulatory requirements. Also, they may conduct regulatory examinations that provide information useful to the organization in applying ERM, and recommendations to management regarding needed improvements.

9. Other external parties.

Finally, other outside stakeholders may impact an organization’s ERM activities:

* Customers, vendors, business partners, and others who conduct business with an organization are an important source of information used in ERM.
* Creditors can provide oversight or direction influencing how organizations achieve their objectives. For example, debt covenants may require organization
* Financial analysts, rating agencies, news media, and other external parties can influence risk management activities. Their investigative and monitoring activities can provide insights on how others perceive the organization’s performance, industry and economic risks, innovative operating or financing strategies, and industry trends. Management must consider the insights and observations of these parties and, if necessary, adjust the corresponding risk management activities.

Providers of outsourced services are becoming a more prevalent way for organizations to delegate their day-to-day management of certain noncore functions. The external parties discussed above may directly influence an organization’s ERM activities; however, using outside service providers may result in a different set of risks and responses than if the organization did not outsource any functions. Although external parties may execute activities on behalf of the organization, management cannot abdicate its responsibility to manage the associated risks and should establish a program to monitor outsourced activities.
