In the midst of accounting scandals and the aftermath of 9/11, a study by a Brigham Young University professor and other accounting experts provides organizational guidance through a revolutionary risk-management framework that helps companies prepare for corporate catastrophes.
The study, intended for all organizations regardless of size, provides a "how to" process for identifying, measuring, prioritizing and responding to risks. Associate Professor of Accountancy at BYU's Marriott School of Management Douglas Prawitt, says the framework is a process for managing risks ranging from natural disasters to fraud. He says the process can also be applied in noncatastrophic events such as shifts in the market.
"Most companies have access to bits and pieces of various enterprise risk-management frameworks, but these frameworks are incomplete, and companies have been left to fend for themselves," Prawitt says. "Our goal was to develop a comprehensive and coordinated enterprise risk-management conceptual framework, together with detailed application guidance that will serve as the generally accepted standard in the business world."
Prawitt represents the American Accounting Association on the Committee of Sponsoring Organizations (COSO) of the Treadway Commission Advisory Council. The council oversaw the study, "The Enterprise Risk-Management Conceptual Framework," and PricewaterhouseCoopers was selected to lead the project, which required more than 10,000 hours of research and study. COSO plans to issue the conceptual framework for public review and comment on July 15 and is currently working with the PricewaterhouseCoopers project team to develop the detailed application guidance.
While many organizations may be engaging in some aspects of enterprise risk-management, COSO's framework identifies all aspects that should be present and how they can be coordinated. Prawitt says by evaluating risks, organizations can avoid, mitigate or prepare to face adverse outcomes. The study urges company leaders to identify anything that could impact an organization's ability to reach its goals. Factors representing negative risks are addressed through the risk-management guidelines, while positive risks can be implemented into organizational strategy.
"Our study was motivated by a survey of boards of directors in 2000 who said risk-management was a number-one concern," says COSO Chairman John Flaherty. "There was clearly a lot of discussion and focus on it, but at the same time, not a lot of understanding about it. I think there just wasn't a common ground or framework for companies to implement a process."
COSO is a volunteer organization committed to the improvement of financial reporting through business ethics and effective internal controls. The five major financial associations in the United States sponsoring the committee are the American Institute of Certified Public Accountants, the American Accounting Association, Financial Executives International, the Institute of Internal Auditors and the Institute of Management Accountants.
Writer: Andrew Watson