Introduction
This paper is dealing with a plan to implement enterprise risk management in PricewaterhouseCoopers Company. This implementation is based on the Committee of Sponsoring Organizations of Tread way Commission (COSO) recommendations.
Enterprise Risk Management
Enterprise risk management is all about the processes or procedures that are used by an organization in managing the risks therein. These risks are mostly in relation to the objectives of the organization. In enterprise risk management there is identification of the risks that are likely to occur hindering or negatively impacting achievement of organizational objectives. In enterprise risk management one has to evaluate the magnitude of risks involved in business. The responses of strategies used are clearly determined. Management leaders in organizations have to monitor the progress of enterprise risk management in organization. (Andersen, 1998)
This venture can also be described as carrying out internal controls in organizations. There are two important frameworks of Enterprise Risk Management. They include COSO and RIMS. In this paper, the COSO framework will be used in the implementation of enterprise risk management in PricewaterhouseCoopers Company. In this process an analysis has to be clearly carried out. This is in relation to the environments surrounding the business organization. They include both the internal and the external environments. Management in organization carries out strategies in that deal with risks that are analyzed. There are various things that can be done in this case, they include;
Reduction: this is whereby an action is taken to help reduce the impact of the risk.
Avoidance: in this case an organization avoids activities that will create risks.
Insure: there is the transference of part of the risk to aid in its reduction.
Accept: in this stage an organization accepts that nothing can be done due to the costs involved.
The Committee of Sponsoring Organizations of Treadway commission since a decade ago assists in enhancing internal control systems in businesses. It has got a framework which is used by many companies in putting in place rules, policies and regulations that assist in controlling of internal activities. PricewaterhouseCoopers as a company has co-worked with COSO in putting in place plans in line with its enterprise risk management.
Initially there has been tremendous loss incurred in PricewaterhouseCoopers as a company. There have been cases of scandals that are high profile in nature. There are very many stakeholders that suffered in this case. They include investors in PricewaterhouseCoopers as a company. There are also many personnel in the Company that suffered a great deal. (Brown, 1999)
The enterprise risk management carried out in COSO helps in expansion of internal controls in organizations. The frameworks in COSO give many companies a focus that is quite extensive in nature in dealing with management of risks in organizations. These frameworks are not intended to replace many of companies’ and organizations’ internal frameworks. They are instead recommended to be incorporated in the internal frameworks of companies and organizations. When these recommendations of COSO are used by organizations, they are assisted in moving towards full risk management.
Plan on risk management
The following is a plan that can be used in PricewaterhouseCoopers Company to help in management of risks. It is based on Committee of Sponsoring Organizations of Treadway Commission recommendations. (DeLoach, 2000)
Internal environment
The basis of the risks involved in any business is influenced by organizational tone. In this case PricewaterhouseCoopers has to review the philosophies in this organization. This is in relation to how they affect the risks therein. This includes a research on the integrity of employees and people in this Company.
PREVENTIVE INTERNAL CONTROLS
Objective Setting
In this case, PricewaterhouseCoopers has to clearly evaluate its objectives. This really helps an organization to identify other activities that may hinder achievement of these objectives. Management in PricewaterhouseCoopers has to put in place distinct processes that will help in setting of organizational objectives. Objective setting by PricewaterhouseCoopers management can be done in the following ways. (Brown, 1999)
Strategic
This is whereby the management in PricewaterhouseCoopers sets goals that are high level in nature and those that support its mission as a company.
Operations
The objectives set have to be very effective such that the resources in the Company are efficiently used.
Reporting; there has to be reliability in reporting the objectives to the entire organization.
Compliance
When the management in PricewaterhouseCoopers puts in place objectives, they should comply with regulations and laws therein.
DETECTIVE INTERNAL CONTROLS
Event identification
After PricewaterhouseCoopers setting its objectives clearly, it has to carry out identification of both internal and the external events. These events should be those that will affect the achievement of set objectives. In this stage, PricewaterhouseCoopers as a Company has to distinguish opportunities and risks therein. In case management in PricewaterhouseCoopers identifies opportunities, then they have to be channeled or incorporated in objectives. (Nottingham, 1997)
Risk assessment
In this case, PricewaterhouseCoopers as a Company has to ensure that both the internal and external risks are analyzed. This Company has to consider the impacts that the risks would have on the Company. PricewaterhouseCoopers has to carry out an inherent and residual risk assessment.
CORRECTIVE INTERNAL CONTROLS
Risk response
PricewaterhouseCoopers as a Company should select the responses that it will have in relation to the risks. This can be done through avoiding activities that would encourage or influence the occurrence of risks. The other way in which a company can deal with risks is by accepting the whole situation. This is especially in risks that PricewaterhouseCoopers as a company cannot afford to deal with. Reduction can be carried out by management in this company to ensure that the impact of the risk is not felt at large by the company. (Andersen, 1998)
Control activities
In this stage the Company can put in place policies and procedures that will help management in organization to deal with the risks. This will help PricewaterhouseCoopers as a Company to have effective risk responses.
Communication and information
Human resource management has to identify relevant information in relation to the risks and capture it. This information has to be disseminated from management to employees to ensure that they carry out their responsibilities well. This information includes possible risks that can affect functioning of this Company. PricewaterhouseCoopers management should ensure effective communication is carried out broadly. This can be done upwards, where employees give management information concerning the challenges that they encounter that might enhance risks to occur. It can also occur downwards, whereby it is from management to employees. Information can also be communicated across the organization. (Nottingham, 1997)
Monitoring
PricewaterhouseCoopers Company has to carry out monitoring in enterprise risk management. At this stage it is necessary for management in PricewaterhouseCoopers to make the necessary modifications. This can easily be done through evaluation of management activities in PricewaterhouseCoopers.
All these processes do not necessarily influence each other. Each stage can be carried out on its own. (DeLoach, 2000)
Preventive solution
Preventive solution that can be used in this Company is to ensure that systems therein are updated. Organizational learning should be carried out which will help employees to avoid activities that will cause the risks to occur. Management should carry out evaluation of Company’s activities on a weakly basis and also carry out corrective measures.
Conclusion
Risk management is very important in any organization. When this is done according to COSO recommendations, it enhances effectiveness and efficiency in dealing with the risks. These risks normally exist both internally and externally.
References
Andersen, A. (1998): Operational Risk and Financial Institutions; London; Risk Books
Brown, G. (1999): Corporate Risk: Strategies and Management. London: Risk Books
DeLoach, J. (2000): Enterprise-wide Risk Management: Strategies for Linking Risk and Opportunity; London; Financial Times
Nottingham, L. (1997): A Conceptual Framework for Integrated Risk Management, Members’ Briefing Publication 212–97. Ottawa; Ontario; The Conference Board of Canada
