The stage is set for enterprise risk management. Sarbanes-Oxley forced companies to spend a great deal of time and money demonstrating oversight of financial risk—often to the point of overkill. Now, with new guidance from the Securities and Exchange Commission and the Public Company Accounting Oversight Board’s Accounting Standard No. 5, the tectonic shift from bottom-up, cover-your-tail, control-based SOX compliance to top-down, risk-based, strategic compliance officially has been blessed.
At this early stage, companies employing aggressive, fully formed enterprise risk management strategies are few—and most are wary of discussing their programs in detail. The rest might have something to learn from firms like Centerline Capital Group and Aquila, which—from very different starting points—are well along in the quest for making enterprise risk management real.
