The meaning of “safeguarding of assets” depends upon the context:
• At the statutory compliance level, it may focus on complying with the terms of the Sarbanes-Oxley Act and broader Securities and Exchange Commission and generally accepted accounting procedure regulations.
• At the corporate governance level, the focus must broaden to consider implications and accountability to all stakeholders, both internal and external to the corporation.
• At the general business risk-management level, safeguarding must integrate the full spectrum of corporate, financial, and operational issues relevant to asset management.
The figure illustrates the significance of context with respect to safeguarding.
The Committee of Sponsoring Organizations of the Treadway Commission (COSO)-II Framework for Enterprise Risk Management (ERM) provides a conceptually sound framework of integrated principles, common terminology, and practical implementation guidance supporting entities’ programs to develop or benchmark their ERM processes. It is divided into eight components with each component having numerous subcomponents. Each subcomponent includes recommended implementation practices or techniques.
According to the COSO-II definition, ERM “is a process, effected by an entity’s board of directors, management, and other personnel, applied in strategy-setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding achievement of entity objectives.”
However, determining what “safeguarding” means to a company’s stakeholders and applying the coherent COSO-II ERM framework represent only the first steps toward establishing effective enterprise-wide risk management. To progress further toward successful ERM implementation, companies must integrate into their procedures the many facets of risk and opportunity analysis, along with the complications in information flow and decision-making.
The authors consider it essential to achieving such progress that the framework be integrated with structured procedures rooted in the practical world of operational risk management as well as corporate and financial management.