Ever wonder what S&P asks about during their ERM review for nonfinancial companies? Well here they are:
a. What are the company’s top risks, how big are they, and how often are they likely to occur? How often is the list of top risks updated?
b. What is management doing about top risks?
c. What size quarterly operating or cash loss has management and the board agreed is tolerable?
d. Describe the staff responsible for risk management programs and their place in the organization chart. How do you measure success of risk management activities?
e. How would a loss from a key risk impact incentive compensation of top management and on planning/budgeting?
f. Tell us about discussions about risk management that have taken place at the board level or among top management when making strategic decisions.
g. Give an example of how your company responded to a recent “surprise” in your industry and describe whether the surprise affected your company and others differently.
Original pdf file is here.