8.
Legislators and regulators.
Legislators and regulators can affect the ERM approach of many
organizations, either through requirements to establish risk
management mechanisms or systems of internal controls (for
example, the U.S. Sarbanes-Oxley Act of 2002) or through
examinations of particular entities (for example, by federal and state
bank examiners). Legislators and regulators may establish rules that
provide the impetus for management to ensure that risk management
and control systems meet certain minimum statutory and regulatory
requirements. Also, they may conduct regulatory examinations that
provide information useful to the organization in applying ERM, and
recommendations to management regarding needed improvements.
9. Other external parties.
Finally, other outside stakeholders may impact an organization’s ERM
activities:
Customers, vendors, business partners, and others who conduct
business with an organization are an important source of information
used in ERM. * *
Creditors can provide oversight or direction influencing how
organizations achieve their objectives. For example, debt covenants
may require organizaition
Financial analysts, rating agencies, news media, and other external
parties can influence risk management activities. Their investigative
and monitoring activities can provide insights on how others perceive
the organization’s performance, industry and economic risks,
innovative operating or financing strategies, and industry trends.
Management must consider the insights and observations of these
parties and, if necessary, adjust the corresponding risk management
activities.
Providers of outsourced services are becoming a more prevalent way
for organizations to delegate their day-to-day management of certain
noncore functions. The external parties discussed above may directly
influence an organization’s ERM activities; however, using outside
service providers may result in a different set of risks and responses
than if the organization did not outsource any functions. Although
external parties may execute activities on behalf of the organization,
management cannot abdicate its responsibility to manage the
associated risks and should establish a program to monitor
outsourced activities.
You've reached the end of your free preview.
Want to read all 5 pages?
- Fall '19
- Management, ERM
