With the financial crisis of 2008 still fresh, and the emergence of “newer” risks such as cyber-security and vendor risk management, businesses are trying enterprise risk management to some degree. Although rare, the black swan risk—the threat that nobody expects or foresees—is also on the mind of board directors.
No surprise, then, that boards are paying attention to ERM. Internal auditors and compliance professionals have noted that audit committees or other directors are asking them to assess the state of enterprise risk management at their businesses. CFOs also support the idea because they have served on boards elsewhere, where ERM is a focused topic.
