Breaking Down the Risk-Assessment Process
Compliance Week (06/15/10), Thompson, Louis M.
In order to examine risk assessment in general, one must see how companies have developed their risk-assessment process. Most tend to follow legal and regulatory requirements relevant to their industry and standards from the Sarbanes-Oxley Act. Risk assessment has evolved to a large number of people with responsibility having the title of chief compliance officer. The sophisticated companies have joined their legal and regulatory risk assessments with enterprise risk management. This is holistic, since finding risks involves analyzing the enterprise in general. Risk assessment is undertaken by compliance and risk management professionals, typically because they have trouble defining their roles, boundaries, and coordination. At Marsh & McLennan, the two functions are now performed by a chief risk and compliance officer. The company argues that it may be enough to increase awareness of risk through risk identification processes the first year. Additionally, the Marsh Mac thinks it will be successful in the long-term by having executive management support, and by ensuring that the board of directors are senior management are engaged. H.J. Heinz boosted its risk assessment process by including reputation management as part of the company’s risk assessment. Heinz today makes sure that executives assess risk in operational and non-operational areas. Recent incidents at BP and Massey Energy show that proper risk assessment and management most likely could have prevented operational failures and the ruin of reputation.