Recently I ran across an interesting item. Standard and Poor's is considering adding enterprise risk management as a key component of their credit rating analysis. S&P has asked for comments to be submitted by February 1; however, it is clear that they have already spent a lot of time deciding what ERM areas will be evaluated for credit rating purposes. It looks like S&P has already committed to adding ERM as a component--the comment period appears to be merely perfunctory. My concern has been that prudent ERM can be subjective, and varies from industry to industry, and possibly from company to company. On the other hand, risk management is prudent and should be an item of management. Each company needs to decide what risk management will mean and include for that company. And, there needs to be a determination at the board level about who will be involved in the board's ERM oversight. I have seen a move to have the audit committee perform that oversight. However, other than responsibilities that the audit committee must perform pursuant to legal requirements (which do not specifically include ERM), the audit committee is subject to the board's oversight and is only responsible for activities that are delegated to it by the board. And, audit committee members need to be aware of and agree to the responsibilities that they will perform. More on that later. If you are interested, the following is a link to more about S&P and ERM, http://www2.standardandpoors.com/portal/site/sp/en/us/page.article/3,1,1,0,1148449315878.html.

Dave Tate, CPA, Esq., http://davidtate.us