As IT Threats Evolve, Security Costs Rise

Lora Bentley

I've been reading for more than a year now that compliance is giving way to enterprise risk management -- both in terms of corporate strategy and in terms of software solutions. Today there is further evidence that such is indeed the case. Financial Week reports that Standard and Poor's will now include enterprise risk management in its determination of a company's credit ratings. More specifically, S&P will look at the following four factors:

  • Risk management culture and governance
  • Risk controls
  • Emerging risk preparation
  • Analysis of strategic management

ERM has been a part of S&P ratings for the financial and insurance industries for awhile, but the story says it now will be used in industries anywhere from "airlines [to] pharmaceuticals and retail."

 

How should companies respond to the announcement? According to Financial Week:

[Companies] first must take inventory and evaluate any existing ERM processes against the four S&P criteria. Second, management needs to take action to remedy any inadequate processes. S&P will not implement these changes overnight, but it's reasonable to expect that it will start to give official ratings as early as 2009. Companies should start making changes now to prevent any adverse effects on their ratings scores and, thus, their ability to access capital.

Like compliance initiatives before it, though, ERM must have buy-in from top management before it will be successful in the enterprise. As of yet, ERM has "barely made it on the [C-suite priority] list" save in the finance world, but S&P's move should change that, the story says.



Add Comment      Leave a comment on this blog post

Post a comment

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

 

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.


 
Resource centers

Business Intelligence

Business performance information for strategic and operational decision-making

SOA

SOA uses interoperable services grouped around business processes to ease data integration

Data Warehousing

Data warehousing helps companies make sense of their operational data


Thanks for your registration, follow us on our social networks to keep up-to-date