
Emerging Governance Practices in Enterprise Risk Management

The Conference Board Research Report No. R-1398-07-WG

99 Pages. Posted: 15 Feb 2007. Last revised: 11 Jan 2009.

Matteo Tonello

The Conference Board, Inc.

Date Written: February 1, 2007


As the oversight role of the corporate board in Enterprise Risk Management (ERM) expands, companies feel the need to fill a knowledge gap on effective risk governance practices.

The concept of correlating risk management, governance, and strategy in an enterprise-wide structure first appeared in the midst of the merger frenzy of the late 1980s. At the time, many executives and strategists acknowledged that the enormous amount of risk undertaken through a series of corporate combinations was often not justified by a sound analysis of long-term prospects. In the 1990s, the debate continued and increasingly drew the attention of the business community, only to be obfuscated by the more exclusive focus on financial and accounting risks resulting from the wave of scandals of the Enron era. A few years into the implementation of the Sarbanes-Oxley Act of 2002, corporations are now ready to leverage their experience with mandatory internal control procedures to establish a more comprehensive ERM infrastructure.

In response to the need for guidance in the design and implementation of ERM, The Conference Board instituted a case-study-based Research Working Group on Enterprise Risk Management with select risk and governance officers. Intended as a complement to the recent paper on The Role of U.S. Corporate Boards in Enterprise Risk Management (by Carolyn K. Brancato, Matteo Tonello, and Ellen Hexter), this study presents an overview of the research group's findings, including insights from five case studies of companies at the forefront of ERM:

- Bristol-Myers Squibb Company
- Capital One Financial Corporation
- International Paper
- MetLife, Inc.
- Moody's Investors Service

The paper also outlines a risk governance "road map," with a detailed discussion of the oversight role of corporate boards in each stage of ERM development and execution.

Keywords: risk, risk management, ERM, internal control, board of directors, audit committee, CRO, chief risk officer, corporate governance

JEL Classification: G31, G32, G34, G38

Suggested Citation

Tonello, Matteo, Emerging Governance Practices in Enterprise Risk Management (February 1, 2007). Available at SSRN: or

Matteo Tonello (Contact Author)

The Conference Board, Inc.
