ABSTRACT

During the last decade, risk management within enterprises (i.e. companies and other organizations) has been broadening its scope. It has evolved into a more systematic and integrated approach to the management of the total risks that an organization faces. This development can be traced to two main causes. First, following a number of high-profile company failures and preventable large losses, the scope of corporate governance has widened to embrace all the significant risks that an enterprise assumes. Directors are now increasingly required to report on their internal risk control and compliance systems, either through voluntary codes, such as the Combined Code of the UK Listing Authority, or by legislation, as in Germany through the ‘Control and Transparency in Entities’ Law. In the US, the Sarbanes-Oxley Act (2002) and the new Enterprise Risk Management Framework issued by COSO (the Committee of Sponsoring Organisations of the Treadway Commission), published in 2004, extend the scope of corporate governance even more widely.[1] The second influence on the development of enterprise risk management has been the greater role that shareholder value models have been playing in strategic planning. Early strategic planning models paid insufficient attention to corporate risk. Modern strategic planning models are now based more on shareholder value concepts, which draw their inspiration from finance theory, where risk has always played a central role.