5 tips to manage enterprise risk in businesses driven by innovation

What is enterprise risk management (ERM)? Roopa Baboota, CPA (Canada) and a charter accountant working as a financial internal audit manager for Google sums up her view of ERM in three words: protecting the company.

As per Baboota “a lot of companies these days are adopting risk management techniques where they are only looking at the tangible and physical losses within the company, but not extending it to actually the intangible side of things”, she said. “Becoming more and more important are things like customer satisfaction or reputational risk, brand image, and corporate culture. I like to think about enterprise risk management encompassing both tangible and intangible risk.”

Developing an ERM programme is time-consuming and challenging but ultimately can bring businesses closer to achieving their goals. “It’s about driving investor, stakeholder, and shareholder value, ultimately that is the number one concern for companies these days – to make sure they are living up their strategies and providing value”, Baboota said. Here are her five tips for avoiding common pitfalls.

  1. understand the value of ERM
    • see the value of intangible assets, those “soft” ideas, such as corporate culture and customer experience.
  2. create management buy-in
    • buy-in at the top, strong tone at the top assures that once the risks are identified, roadblocks to resolving them can be eliminated.
  3. update your assessment frequently
    • update the assessment quarterly, with annual updates to oversight committees. Assessments may have to be recalibrated as business models and market conditions fluctuate, and especially in multinational companies where international markets are also a factor.
  4. ensure roles are clearly define
    • management remains responsible for risk, and this should be documented in the internal audit charter. Internal audit department can act as a consultant to help management assess risk and develop a process and audit plan or act from an assurance perspective. However, internal audit should not be managing risk on behalf of management.
  5. research to stay ahead of the game
    • stay up to date with current events, read more and be aware of how it can affect your organization.

Remember that once you keep apprised of what’s going on in the world the answers will come, influenced by your experience. “If you have a risk mindset, you’ll naturally be able to anticipate things.”


Planning for intangible business risks. A Google auditor offers 5 tips to manage enterprise risks in businesses driven by innovation. By Samiha Khanna. FM Magazine, June 2018

We are committed to keep you updated of all developments that may affect the way you do business in Puerto Rico.  Please contact us for further assistance in relation to this or any other matter.