Counsel to Counsel - September 2008 - (Page 8) best practices Implementing an Enterprise Risk Management Evaluation WALTER T. GANGL | ARMSTRONG WORLD INDuSTRIES, INC. Walter T. Gangl is deputy general counsel and corporate secretary at Lancaster, Pa.-based Armstrong World Industries, Inc. Walter co-chaired a recent Counsel to Counsel forum on guiding good governance. He can be reached at wtg24@cornell.edu. implementation steps Standard & Poor’s (S&P) announced in May that it will soon make Enterprise Risk Management (ERM) programs at nonfinancial companies part of its comprehensive ratings review. According to a recent survey, roughly 75 percent of nonfinancial companies either do not have or have just begun implementing an ERM process. In spite of that lack, S&P expects companies to have at least begun establishing a systematic approach to ERM within the next year. Additionally, after several boards were blamed and some directors were forced out earlier this year for company losses stemming from missed credit market risks, boards of directors want to know what companies are doing to build credible ERM programs. situation • Inventory your current risk management processes and then build on them. • Develop tools, such as a matrix, to inventory, evaluate and prioritize all risks. • Ensure all business units use the same tools and terminology. • Train management on what ERM is and why it’s important. • Focus on strategic risks, where the bulk of enterprise value is lost. How well a company does on its ERM will impact its S&P rating, its ability to access the capital markets and possibly its cost of borrowing. Since inside counsel already play a leading role in disclosing certain risks, such as those listed under the Security and Exchange Commission’s safe harbor provisions, general counsel are a key resource in driving the establishment of a new ERM framework that identifies and prioritizes all potential risks to the company. challenge in-house counsel Develop company-specific tools to track, assess and prioritize risks. There may already be a threshold, say $2 million, for 8-K reporting at your company, or $5 million for Management’s Discussion and Analysis in your 10Q. Build on those disclosure standards. Create a matrix and prioritize each risk in terms of its likelihood and potential impact to the company. Then, focus on the most serious risks and discuss ways you mitigate them with upper management and the board of directors. Since the goal is to create what amounts to an ERM template applicable to all parts of the company, establish and enforce the use of a common COSO (Committee of Sponsoring Organizations) ERM vocabulary companywide, especially if there are numerous business units. Schedule training for upper management and the board. Explain what the ERM process is and why it’s so important. Meet with representatives of finance, operations, environmental health and safety and other corporate functions to determine what risk management practices are already in place. Determine how to build on them. approach adopted Review and inventory all known risks. For example, what is the current casualty and business-interruption loss insurance coverage and is it still adequate? Review the company’s environmental health and safety initiatives to ensure you can document conformance to all water/air emission standards, as well as worker- and product-safety standards. Examine plans to mitigate natural disaster impacts on your production capabilities. Armstrong operates plants along the Gulf Coast. Our disaster planning involves building key inventories in advance and coordinating production planning with plants in other parts of the united States that are capable of producing the same key products should a hurricane interrupt Gulf Coast operations. Also, examine potential natural disaster impacts on key suppliers. Further to the benefits of a favorable ERM evaluation from S&P, systematic ERM examinations will provide a clearer view of the company’s strategic risks. That, in turn, will help management better assess—and, if necessary, alter—the company’s business strategy and execution going forward. measuring success future issues to consider ERM will obviously be an ongoing process. Therefore, develop procedures now to regularly monitor, review and, when necessary, update your ERM processes. 08 LexisNexis® Martindale-Hubbell®
For optimal viewing of this digital publication, please enable JavaScript and then refresh the page. If you would like to try to load the digital publication without using Flash Player detection, please click here.