
Corporate Risk Assessment.

The 2010 Aon Global Enterprise Risk Management (ERM) Survey noted that the uncertainty
surrounding the global economy had significantly increased, and that awareness of the need to
manage and leverage risk had never been higher. The report identified some hallmarks of
advanced ERM, which included the importance of:

- board-level commitment to ERM as a critical framework for successful decision-making
and for driving value;
- the engagement of all stakeholders in the development of risk management strategy and
policy setting;
- a move from focusing on risk avoidance and mitigation to leveraging risk and risk
management options to extract business value.

The US COSO integrated framework for enterprise risk management (ERM)


In 2004, COSO provided an integrated framework for enterprise risk management, building on
the 2002 Sarbanes-Oxley Act. It explained that:
- Enterprise risk management is a process effected by the entity's board of directors,
management, and other personnel, applied in strategy setting and across the enterprise,
designed to identify potential events that may affect the entity, and manage risk so that it is
within the risk appetite, to provide reasonable assurance regarding the achievement of
objectives.

The challenge facing boards is how to oversee the organization's enterprise-wide risk
management effectively in a way that balances managing risks while adding value to the
organization. An entity's board of directors plays a critical role in overseeing an enterprise-wide
approach to risk management.

COSO's Enterprise Risk Management Integrated Framework highlights four areas that
contribute to board oversight of enterprise risk management:

- understanding the entity's risk philosophy and concurring with the entity's risk appetite;
- knowing the extent to which management has established effective enterprise risk
management of the organization;
- reviewing the entity's portfolio of risk and considering it against the entity's risk appetite;
- being apprised of the most significant risks and of whether management is responding
appropriately.

The New York Stock Exchange's listing rules now require the audit committees of listed
corporations to explain their risk assessment and management policies.

The global financial crisis: a new emphasis on corporate risk.


In the light of the global financial crisis, the Steering Group on Corporate Governance of the
OECD, whose corporate governance code was discussed in chapter 5, re-examined the
adequacy of its corporate governance principles. The real need, the committee felt, was to
improve the practice of the existing principles.
The OECD concluded that the board's responsibility for defining strategy and risk appetite needed
to be extended, because in some important cases the risk management system was not
compatible with a company's strategy and risk appetite. Building on the OECD Principles, the
report proposed that it is good practice for:

- the risk management function to report directly to the board;
- the risk management function to consider any risk arising directly from the compensation
and incentive systems in place;
- the effectiveness of the risk assessment and management process to be monitored and
the result disclosed, noting that experiences with such disclosures up until now had not
been good.

In the UK, the 1999 Turnbull Report drew attention to the importance of board-level risk
assessment.
In 2008, a Bank of England report on financial stability and risk management called for 'effective
firm-wide identification and analysis of risk including information sharing across the
organization, particularly between senior management and business lines, and firm-wide plans
to reduce exposures or hedge risks'. The report noted that 'one clear shortcoming has been
banks' overreliance on credit ratings in determining inherent risk'. Credit rating agencies now
include enterprise risk management processes in their corporate credit rating analyses.

In 2010, the International Corporate Governance Network (ICGN) enhanced its Global
Corporate Governance Principles with a set of Corporate Risk Oversight Guidelines. The
guidelines emphasize:

- the risk oversight process begins with the board;
- corporate management is responsible for developing and executing an enterprise's
strategy and routine operational risk programme;
- shareholders, directly or through designated agents, have a responsibility to assess and
monitor the effectiveness of boards in overseeing risk at the companies in which they
invest;
