Enterprise Risk Management

Running head: ENTERPRISE RISK MANAGEMENT

Enterprise Risk Management

F. Bruce Creech

MBA560

Marina Fraiqun, Esq.

March 21, 2008

University of Phoenix

Enterprise Risk Management

Organizations are faced with all types of risks. Some risks can be internal or external and can result in total devastation of an organization. The Committee of Sponsoring Organizations of the Treadway Commission (COSO) was established in 1985 to study issues which could lead to fraudulent financial reporting. These findings were then recommended to public companies, independent auditors, the Securities Exchange Commission and other regulators, and various educational institutions (COSO, 2008). Unfortunately, many organizations failed to follow these guidelines and millions of employees and shareholders were affected by fraudulent activities within these organizations. Enron, Tyco, WorldCom, and Adelphia were some of the companies who reported fraudulent information regarding returns on investments and operating capital. As a result of these companies using fraudulent methods in accounting, legislation was passed in the SOX Act to punish those who felt the need to betray those who had invested money and trust into the organization.

In order to help eliminate or deal with the risks faced in today’s corporate community, an Enterprise Risk Management Plan (ERM) can be used. The ERM can help manage risks such as operational, business, regulatory, technical, system, management, reputation, and event risks (IBERM Solutions, 2008). The COSO website indicates, “Enterprises operate in environments where factors such as globalization, technology, regulation, restructurings, changing markets, and competition create uncertainty. Uncertainty emanates from an inability to precisely determine the likelihood that potential events will occur and the associated outcomes.” (COSO Executive Summary, 2003) An ERM will be developed for Rouse Mortuary and Crematory (RMS) in Greenville, NC. This paper will look at the risks and a plan established to help deal with the risks. By bringing unity to the ERM and SOX, the organization can be fully assured there will be no corporate compliance issues.

Rouse Mortuary and Crematory Background

Rouse Mortuary and Crematory is located in Greenville, NC near the Brody School of Medicine of East Carolina University. The organization does contract embalming for approximately 40 funeral homes, cremations for another 25 or so, and also provides transportation of human remains to various states and countries. Those who are deceased and require transportation to other countries are flown by common carrier and special permits are needed. There is an estimated case load of 3200 human remains that are dealt with on an annual basis. This volume brings significant risk. Not only are there state and federal laws and guidelines, but issues involving pricing, inflation, and non-payment of accounts, tax issues, and infectious diseases. Any of these risks could devastate the organization.

Goals of an ERM

The primary risk functions in large corporations that may participate in an ERM program typically include:

1. Strategic planning вЂ" identifies external threats and competitive opportunities, along with strategic initiatives to address them

2. Marketing вЂ" understands the target customer to ensure product/service alignment with customer requirements

3. Compliance & Ethics вЂ" monitors compliance with code of conduct and directs fraud investigations

4. Accounting / Financial compliance вЂ" directs the Sarbanes-Oxley Section 302 and 404 assessment, which identifies financial reporting risks

5. Law Department вЂ" manages litigation and analyzes emerging legal trends that may impact the organization

6. Insurance вЂ" ensures the proper insurance coverage for the organization

7. Treasury вЂ" ensures cash is sufficient to meet business needs, while managing risk related to commodity pricing or foreign exchange

8. Operational Quality Assurance вЂ" verifies operational output is within tolerances

9. Operations management вЂ" ensures the business runs day-to-day and that related barriers are surfaced for resolution

10. Credit вЂ" ensures any credit provided to customers is appropriate to their ability to pay

11. Customer service вЂ" ensures customer complaints are handled promptly and root causes are reported to operations for resolution

12. Internal audit вЂ" evaluates the effectiveness of each of the above risk functions and recommends improvements (ERM, 2003)

While these goals are geared to larger companies with ties to the NYSE and SEC, similar versions will work in a smaller organization as well. Modification of these goals will aid Rouse Mortuary and Crematory to insure they comply with all regulations and laws sanctioned by the funeral industry.

Management Controls

Preventive Controls

Preventive controls are used on a daily basis to assist managers accomplish the objectives of the organization. Preventive controls are designed to discourage errors or irregularities (NOAA, 2005). In the case of RMS, a type of preventive control would be to make those customers with outstanding balances pay on per-call basis. This preventive control would keep the accounts receivables from getting out of control. Another control would be to have all computers within the system be password protected. This control would prevent unauthorized access to privileged information.

Detective Controls

Detective controls are designed to identify an error or irregularity after it has occurred (NOAA, 2005). To reduce expenses, the owner of RMS could have the bookkeeper to monitor phone bills to ensure personnel are not making any long-distance calls. Another control would be to monitor the monthly reports to insure all reporting is accurate. If not, then

...