Introduction
Risk management is imperative for enterprises today given the numerous internal and external factors working against businesses. One of the risk management processes adopted by enterprises is Enterprise Risk Management (ERM). ERM, in its most straightforward definition, is the active process of identifying potential threats which, if allowed to occur, will result in significant financial losses for an enterprise. It helps assure investors concerning the achievement of set goals. In this paper, I will examine the effect of ERM at the Microsoft Company, drawing from the Ernst & Young risk management checklist. Moreover, I will assess the financial performance of the company using the Altman’s Z scorecard, which is used to estimate the bankruptcy potential of companies.
The Microsoft Company
The Microsoft Corporation is a leading company in the U.S. specializing in the development of computer systems and applications. Paul Allen and Bill Gates founded the company in 1975. The company’s headquarters are in Redmond, Washington, while it operates research labs in various cities across the world such as Beijing, Cambridge, Montreal, and Bangalore. Microsoft has experienced tremendous growth over the years and is a leading tech giant. Just like other companies, Microsoft has adopted ERM, as it operates in a rapidly evolving environment with quickly advancing technology and short product life cycles.
The Ernst & Young Risk Management Checklist
The first item on the checklist is whether the company has a formal risk management framework. Microsoft has a formal risk management framework in place, known as The Microsoft Readiness Framework. This is a framework developed by Microsoft to help prepare organizations for technology adoption by managing risks inherent to technology readiness efforts.
The second item on the checklist is whether the company has identified its risk appetite. In business, risk appetite is the risk that an organization is willing to take to meet its strategic objectives. One of the leading indicators of risk appetite for an enterprise is where it allocates time and resources to minimize risk exposure. The Microsoft Company has identified its risk appetite. The company has identified a “risk universe” which outlines the highest-risk departments in the company, which are operations, legal/compliance, financial/reporting and strategic.
The third item on the checklist is whether the company performs an annual enterprise-wide risk assessment. The Microsoft Company has over the years shown a great desire to comply with risk assessment as part of CPS standard requirements. The company has demonstrated readiness for annual CDSA audits as well as the controls necessary to retain CPS certification.
The fourth item in the checklist is if processes are in place so that risk management is aligned to corporate strategies. Just like many other companies, the Microsoft Company has a corporate policy which includes global diversity and inclusion, speed and Ballmer E-mail. There are processes in place to ensure that risk management is aligned to organizational strategy at Microsoft. A good example is the evolution of the ERM program in the company with the arrival of cloud services (Easthope & Pratt, 2018). The advent of cloud shifted the focus of the company towards software services necessitating a change in the ERM program to meet the new operating model and performance objectives.
The fifth item on the checklist is if the company has evaluated the advantages and disadvantages of outsourcing or co-sourcing the functions needed to support the risk management plan. Microsoft has sufficient knowledge of the advantages and disadvantages that are inherent in its outsourcing or co-sourcing functions for its risk management plan. A good example is its cloud services Azure (Taylor & Daeman, 2018). These have proven a massive success in the financial service sector. However, the company has needed to sign transition agreements since the cloud users may need the flexibility to move to other providers. While service evolution is unavoidable, the company knows it cannot sacrifice data safety for APRA-regulated entities.
The sixth item in the checklist is if the risk and compliance functions throughout the organization work together. Risk and compliance are far-reaching and closely interwoven activities requiring participation by the various entities in an enterprise. Data protection has become paramount in a world where data breaches are rampant. Microsoft is committed to full regulatory compliance and trust. A good example is its cloud products which are built to address rigorous security and privacy concerns of customers.
The seventh item on the checklist is whether risk functions have improved Microsoft's business. The adoption of the risk management function has dramatically enhanced Microsoft’s business. After experiencing a lot of losses, Microsoft treasury presented to the board of directors a paper highlighting the factors contributing to declining profits. Since then, the company has integrated various risk management programs such as SCM alignment, intranet and Business Risk Management (BRM), which have contributed to the success of the enterprise.
The eighth item on the checklist is whether the internal audit department at the company has a clear mandate that addresses strategic, operational, financial and compliance risk. The internal audit department at Microsoft establishes adequate internal control over financial reporting for the company in a bid to provide reasonable assurance concerning the reliability of financial reporting for external purposes.
The ninth item on the list is whether Microsoft has established clear governance over risk and risk management. Microsoft has created clear governance over risk through GRC, with the knowledge that the right governance processes seek out risk and open discussions and clear approaches to addressing risk.
The tenth item in the list is if the company has defined board committees with a focus on a specific area and considered the effectiveness of the risk committee. The audit committee in Microsoft is responsible for reviewing and assessing the company’s processes to manage and control risk. The effectiveness of this committee is continuously monitored as these committees have to report to the board.
The eleventh item on the checklist is whether Microsoft clearly articulates its risk assessment and risk management process to the public markets. The Microsoft Company complies with the above. A good example is the Microsoft cloud service. To help enterprises comply with national and region-specific requirements governing data collection and use, the company offers the most comprehensive set of compliance offerings.
Strengths and Weaknesses of the Risk Management Program
Microsoft has put the issue of risk management at the core of its operations. The risk management program adopted has had numerous strengths. To begin with, moving to an ERM approach has enabled the company to view and assess risks holistically as opposed to assessing the risks as independent and uncorrelated entities. Secondly, risk management groups work across the organization and can provide input to various groups. The risk management group can diffuse information across the company by working closely with business unit managers. The third strength is that Microsoft extends its risk management cover even to third parties, especially in scenarios where there is a need for sourcing. Despite the above advantages, the program also has its weaknesses. One of the flaws is the lack of a clear policy on the risk associated with cyber-attacks. It has been challenging to implement such a system due to the ever-evolving nature of cybercrime. Another weakness is the lack of enough collaboration with relevant stakeholders to look into ways of strengthening the risk management practices already in place.
Conclusion
From the above, it is evident that Microsoft has made significant progress in implementing a successful ERM program over the years. The Ernst & Young risk management checklist above has revealed just that. The company is compliant with most of the checks above, implying that it has taken ERM seriously. The result of this has been improved economic performance over time, as most avenues of money loss are addressed with prudent risk management programs. However, despite these sensible efforts, there are still areas in its ERM procedures that the company needs to improve, such as coming up with better risk management policies on emerging issues such as cybercrime and sharing risks with partners through a collaborative approach to risk management. The future looks bright for the company, and with these few adjustments to its ERM, the sky is the limit.
References
Easthope, T., & Pratt, J. (2018). ERM and One Microsoft Strategy. Retrieved from https://www.rims.org/resources/ERM/Documents/Microsoft-interview.pdf
Taylor, D., & Daeman, T. (2018). Microsoft’s Response to APRA’s Information Paper on Cloud. Retrieved from https://www.rbnz.govt.nz