Corporate Compliance Report


Corporate governance can be thought of as the overall umbrella of control and direction under which a corporation operates. Enterprise Risk Management (ERM) is "a process, effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives," (, 2008). Ideal management of risk involves mitigating negative risk while taking advantage of positive risk. The board of directors is responsible for establishing an enterprise risk management philosophy that guides senior management when implementing an enterprise risk management plan for the company. Internal controls are a subset of ERM. “Internal control is broadly defined as a process, effected by an entity's board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: effectiveness and efficiency of operations; reliability of financial reporting; compliance with applicable laws and regulations,” (COSO, 2008). Internal controls assure accuracy of reporting of information and objectives.

“Discover Financial Services (NYSE: DFS) is a leading credit card issuer and electronic payment services company with one of the most recognized brands in U.S. financial services,” (Discover Financial, 2008). The board of directors at Discover feels that it is time to employ an ERM program. It will be up to the board to establish the corporation's risk culture and ethical philosophy. In establishing a risk culture, the board will need to determine how the organization intends to manage risk. The ERM process will then be the responsibility of senior management. What follows is an outline of the plan Discover will use as a framework to implement an ERM program. This outline is based on the eight components of the ERM framework defined by the Committee of Sponsoring Organizations of the Treadway Commission. “This COSO ERM framework defines essential components, suggests a common language, and provides clear direction and guidance for enterprise risk management,” (The Institute of Internal Auditors, 2008).

Types of Control

Putting an ERM program into place will allow Discover to be proactive in managing risk rather than reactive. If risks can be identified up front, the organization may be able to take steps to prevent those risks from coming to fruition by implementing the appropriate internal controls.