ENTERPRISE RISK MANAGEMENT THEORY

Enterprise Risk Management Theory & Northern Rock Crisis

Table of Contents

Chapter 1: Introduction3

Chapter 2: Literature review8

Reasons16

Wider regulatory issues19

The US sub-prime crisis: spillover effects for the UK23

Risk Management Issues25

Chapter 3: Methodology29

Design/methodology/approach29

Chapter 4: Discussion & Conclusion34

References38

Chapter 1: Introduction

In the 21st Century, the news of corporate scandals involving corruption enormously spread across not only the country but across the globe also. Accounting firms, investors, lenders, corporate managers and innocent bystanders were all embroiled in the chaos with the extent of corporate malfeasance being indeterminable. Collateral damage inflicted by scandals involving corporations such as Enron, Arthur Andersen LLP, WorldCom, Adelphia Communications, etc, was shocking. The occurrence of such business and audit failures led individuals in a state of contemplation. How did such situations occur; what could have been done to prevent them? This is where Enterprise Risk Management (ERM) comes in effect. As discussed below, one will see how the need for ERM arises and when it does, what functions ERM serves, the process it goes through, who participates, their roles and the advantages of having ERM in place. The focus will be on how to identify, measure, and respond to risk as well as what the role of the board of directors, management and employees is in risk management.

Risk is where it all begins. Events may have a positive or negative affect on a company and its strategy. If the events can be foreseen, the company has the opportunity to reduce any negative impacts and in turn reduce risk; or they can amplify the success of a positive event, which would in turn, present opportunities. (COSO, 2004) Risk can be defined as the probability of a known loss. ERM deals with risks and opportunities affecting value creation or preservation. Enterprise risk management, as defined by COSO is a process, affected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives. (2004) If the negative event were to occur, mitigation through ERM would allow maintenance of the companies' objectives. The level of negative impact that a company can absorb and still meet its objectives and/or continue to exist is defined as risk appetite.

The negative impacts that are important to avoid are the unforeseeable ones. The most elusive characteristic of risk is that it is never definite, and as a result, the planning and measures that go into place are contingent on the event occurring, otherwise a waste of valuable resources may occur. For example, Jones Construction Company, with 200 employees, requires its employees to wear hard hats provided by the company while on-site. When Jones purchased the hats, they did not purchase through the cheapest bid because the plastic was brittle, weak and not enough padding was provided. The company spent over $20,000 on their initial purchase of quality hats and now replaces the ...