Organizations today face greater threats than ever before from identity thieves, hackers, terrorists, and other criminal groups, as well as from corrupt employees, competitors, vendors, and customers. The consequences of a single incident can erode market cap and stakeholder support and lead to criminal prosecutions, regulatory actions, and civil litigation. All of these, in turn, can derail an organization's strategy.


Although all organizations practice some form of risk management, few do it effectively.
  • Good managers assess and respond to risk intuitively but informally, and they often lack the perspective to assess how their own risks might affect the entire organization.
  • Risk is addressed broadly during strategic planning, but the attention to risk rarely survives the strategic planning process.
  • The risk management efforts that are in place are generally housed within silos that do not coordinate with each other to identify cross-enterprise risks and develop the integrated measures necessary to mitigate them.
  • Having some risk mitigation measures in place leads to a false sense of security that the organization is well-defended. Many organizations, for example, unduly rely on their regulatory-compliance programs to protect them, when, in fact, the regulatory schemes were adopted to protect others.
  • Lacking systems to identify and manage risk, the board and senior management are left blind to serious risks that threaten the organization's success.

To address these challenges, forward-thinking organizations are turning to Enterprise Risk Management (ERM). ERM - at its most essential level – provides a methodical framework for identifying and managing the broad range of potential events that can derail an organization’s strategy. It does this by:

  1. Linking organizational objectives with the risks that threaten them; and
  2. Linking risk-mitigation measures with the specific risks they are designed to mitigate.
Along the way, ERM helps establish an organizational culture of integrity, accountability, and competence, and creates a meaningful opportunity for the board and senior management to monitor the organization's risk-mitigation efforts.

Chadwick Associates assists boards of directors, senior management and chief risk officers in managing risk by:

  • Assessing the effectiveness of their organization's present risk-management program.
  • Assisting them in developing and implementing ERM programs.
  • Assisting them in selecting and configuring ERM software tools.
  • Training business-unit managers in ERM.
  • Keeping them abreast of best practices in risk management.
  • Providing outsourced Internal Audit services and conducting internal investigations.
  • Developing regulatory-compliance programs in Sarbanes-Oxley, HIPAA, the USA Patriot Act, the Federal Sentencing Guidelines, and other regulatory schemes, including customer-imposed performance standards.


HOME | ABOUT THE FIRM | ENTERPRISE RISK MANAGEMENT | INVESTIGATIVE CONSULTING   
SECURITY CONSULTING | INTEGRITY CONSULTING | WILLIAM CHADWICK