Recently, there have been several new studies and articles released on Risk Management. COSO published a paper on using its ERM framework to help with Sustainability reporting which can be found at http://www.coso.org/. KPMG released a study on ERM capabilities which can be found here.
The more I’ve read the more I come to the conclusion that Enterprise Risk Management is in incorrectly named. It seems that the more we look at it ERM is really something else. The purpose of business is to take risk. If Investors and owners didn’t want to take risk they would simply leave their money in the bank earning a paltry half percent these days. Instead they decide to put their money at risk in the hopes the risks the business takes will result in a greater return.
So if a business’ purpose in life is to take risk, why do we spend so much time taking about managing risk? Part of it comes from the conflicting requirements a business faces. Certainly they have to take risk in order to try to make a profit, but there are risks a business wants to avoid. Financial reporting risk is one many CPAs are familiar with, but there are others such as regulatory compliance risk and certain legal risks that are also to be avoided or minimized. The problem is when that “minimize the risk” mindset sinks into the regular business decision making process.
I think the whole ERM process is unfortunately bringing that minimize or eliminate risk mindset to the rest of the business. Maybe this is because ERM efforts are often lead by Financial or compliance professionals that bring that negative view of risk from their discipline. Or maybe it’s just that word ‘risk.’ What if we called it Enterprise Opportunity Management? That certainly gives it a different connotation and makes you think differently about what the process should be. So, here is to looking for those EOM studies and how to articles.
Sustainability reporting is possibly the most misunderstood process by CPAs today. When you bring up the subject, far too many CPAs immediately react with indignation. They think its all about carbon footprints and dealing with irrational environmentalist demands. That has resulted in the finance department of many public companies having nothing to do with the official sustainability report issued by their company. Instead, PR departments, compliance organizations or other groups are taking the lead in producing this new external report.
This is unfortunate because sustainability reporting today has nothing to do with global warming and everything to do with the future of reporting by public entities. CPAs need to take a closer look at today’s sustainability report. Yes, there is information on a company’s carbon footprint and fresh water usage. There is also information on community support, employee training and benefits, and a myriad of other topics showing how the company does more than just make money. Simply put, sustainability reports do for other stakeholders what financial reports do for one group of those stakeholders – the shareholders.
It’s not like sustainability reports are all fluff either. They are full of quantitative information. Information that begs for the same rigor a finance department brings to the reporting of financial results. Quantitative information can include items such as the number of volunteer hours contributed to the community by a company’s employees or the number of people including dependents and retirees supported by a company’s benefit programs.
Now, users are starting to seek assurance on all of the numbers included in sustainability reports. This truly gets to the heart of a CPA’s competence. CPAs provide assurance on financial reports; who better to supply that same level of assurance on sustainability reports. Based on work back in the 1930’s CPAs became the exclusive providers of assurance on financial reports. That is not the case today on sustainability reports. Some audit firms are getting into the field, but a variety of other for profit and not-for-profit organizations are also positioning themselves to provide this assurance. The non-CPA organizations are getting increased traction in part because so many finance departments are not involved in sustainability reporting.
As a profession, we are at a critical juncture when it comes to sustainability reporting. Are we going to let this potential expansion of our role in providing information and assurance on company results pass us by or are we going to step up to the challenge of being the preeminent provider of information about all of the results of the company?