by Chief Ox, May 20, 2020

Scheduled for adoption by the Board on January 10, 2012.

Prepared By:

Gosalia, K.

Pending Review and Approval by:

Lowell Bradford,

Chief Legal Counsel,


Embracing Enterprise Risk Management

            It is imperative not to overlook the central significance that at least some form of enterprise risk management holds, even in a relatively smaller firm. Distressing financial events toward the turn of the 21st century required governments the world over to come up with some form of regulation along the lines of the Sarbanes-Oxley Act in the United States (Tarantino, 2006).

            It is not that organizations are or have been entirely bereft of all manner of self-regulation in the past – this discussion is not about reinventing the wheel. However, the regulations existing in general have been lame: they are uncoordinated, do not necessarily follow a “critical path” to action, may be informal, are shortsighted in that they may focus only on organizational or compliance-oriented risks, and, most of all, do not address the elephant in the room: the strategically emerging risks that are slow but sure to arrive.

COSO’s Eight Components of Enterprise Risk Management

            The Committee of Sponsoring Organizations of the Treadway Commission (COSO) has instituted a framework of enterprise risk management – a progressive, widely sanctioned integration in the enterprise of today. The framework has eight interrelated components, which would be used to structure the compliance plan: the internal environment, objective setting, event identification, risk assessment, risk response, control activities, information and communication, and monitoring.

Liability: enterprise, directors and employees etc.

            Riordan is all too big to miss. For an organization the size of Riordan, with projected revenues of over USD 46 million and 550 employees, getting sued or becoming embroiled in a messy lawsuit is an all too real possibility – especially given its recent expansion plans in China. The risk increases manifold because the firm would be exposed to the laws of a foreign country – with almost no cultural similitude and almost no experience.

Enterprise Liability  

            Quickly gaining control of the world around itself would be the first step to combating this form of primary liability. Apart from an unfamiliar legal structure, the organization would be interacting with a foreign workforce with significant cultural centrism. There are reverse challenges related to integration of the firm into the workforce already present.

A structured risk management plan, such as the one proposed by the COSO guidelines, would be highly applicable here. The first step, “internal environment”, refers to the overall attitude, so to say, or what the company does when the perception first becomes clear. It has a lot to do with the “blueprint of action” that the organization has developed, including who exactly would implement what (COSO, 2004).

The need of the hour would be to stay prepared for prospective labor disputes and shortages while the company transitions from Hangzhou to Shanghai. Abrupt dispersal of employees who are not moving would lead to unpleasant partings – on a large scale. The company would need to perceive the kind of reaction it may get at the hands of the regional workforce as a whole. Risks could include, at worst, a boycott as it completes the move.

Other risks could include having to spend additional sums to drum up enough labor within permissible times. Likewise, maintaining and drafting new contracts with suppliers and distributors would also be a challenge. The internal environment needs to be tuned to be prepared for challenges of this nature. 

A good strategy would be to concentrate on settling down over and above all else. Putting finances on a secondary priority, the firm should focus on getting as many contracted suppliers as it may need to fill its coffers. The opportunity to cull should be pursued at a later stage when it has options, and the move is out of the way.

To be able to set up a hierarchy such as the one above, Riordan would need to complete defining objectives for itself. Without clearly defined objectives, management cannot go about assessing how risks could affect them. These objectives should be consistent with the risk appetite the firm possesses and constitute the next step in the COSO guidelines.

Risk Management Committee

The firm should also constitute a risk management committee. The job of this committee would be, in essence, to oversee the implementation of the COSO guidelines in their entirety. Taking the baton from management which would help define objectives, the committee would proceed with the next steps in the COSO plan.

Event identification refers to the grouping of future events into the risk camp or the opportunity camp, which would be the company’s prerogative to decide. The next step, risk assessment, would involve analysis, probabilities and devising preliminary strategies. The response step would be next, with a choice between avoiding, accepting, reducing and sharing the risk, for which the committee would need intense collaboration with the management (COSO, 2004).

Control activities would ensure that the response has been carried out in a timely, efficient fashion, which the committee’s job would be to oversee and help carry out. Information and Communication is all about the flow of information regarding risks, the strategy chosen to deal with it, the effectiveness of responses and any corrections. Monitoring refers to the overseeing of the whole process of dealing with risks.

Liability of Directors and Employees

China truly operates in a commercial disconnect from the rest of the world as it concocts economic miracles following half-hearted capitalism while still being mired in communism. The cultural nuances and, on top of them, the domestic laws overseeing business can be very tricky (Vernoff & Seybolt, 2007).

For example, a while back there was the case of Stern Hu, an “obedient” Australian executive of British-Australian steel firm Rio Tinto, jailed in China for ten years for accepting bribes from Chinese steel companies (Sainsbury, 2010). The amounts involved have led to the belief that a lot of what was going on was sanctioned from way above.

It was an exercise in acclimatizing to the local way, which went horribly bad. Local steel magnates and others, like Du Shanghua – also involved – avoided much of what Hu couldn’t, a testament to the ginormous puzzle that a foreign market always is, with its very particular and hard to tread ways (Sainsbury, 2010).

            Riordan would do well to walk the line for as long as it takes them to learn and trust the new system. Employee guidelines should be clear and precise over what is expected behavior from the lot. However, guidelines are never enough. The firm should institute a transparent policy of rewards and punishments for the first violations. Making examples is also extremely helpful, and really the first opportunity that presents itself is also the last. Employees are always testing what they can get away with.

Legal Counsel & Rights of Employees

            The company’s legal counsel, Lowell Bradford, should be the “sump” as regards invoking the legal arm. He should also be the central point of coordination between the employee(s), the risk assessment team and the law firm on retainer, Litteral & Finkel. Since the firm is familiarized with legalities on both sides of the Pacific, they would be an efficient agent in any manner of legal hassle.

Product Liability

            Product liability for the company originates not just from the newness of its own operations, but also from the manufacturing process employed by its suppliers. Considering some of the sophisticated products that the company manufactures, heart valves for example, the liability could be enormous.

            The challenge in front of Bradford, the risk assessment team and to some extent Litteral & Finkel would be to address each of these risks before they cumulate or balloon up. As a first step, they could institute regulatory oversight with reputable private sector regulators, preferably Chinese. The team should also draft policy on how to run the regulatory process parallel to manufacturing.

            Among inclusions should be a clear style of self-policing. Whenever the company does run into an issue, the best way out should be to inform any regulatory authorities and start a process of collaboration which rectifies the problem. This solution may not be the most comfortable way out, nor would it be the easiest; however, it would be a small price to pay for the mutual trust that would be generated between the firm and the agencies from then on.

Property: Tangible and Intellectual

            Efficient property management is extremely relevant for bigger firms like Riordan, and not just for financial reasons. Any proprietary technology that the firm has patents over should especially be protected for strategic reasons. China finds itself in a dilemma over allowing copyright and intellectual property rights violations to occur.

On the one hand there is the credit boost to the creator, which helps engender more of it. On the other, there is the quick money minting that comes from selling something copied as such from a successful product. In fact, chances are that one would find replicas for almost everything that was ever a trend in the Chinese market – including iPhones, bikes, laptops and even satellites, movies and planes. The pilferage is just as sophisticated in intellectual and idea properties as it is in hardware (Vernoff & Seybolt, 2007).

This increases the threat for Riordan, which stands to lose its competitive edge should any technology get stolen or transferred, somehow. Since a legal recourse is not going to be effective – because the damage would have been done – it must do what it can to mitigate any chances, especially given the fact that its Shanghai plant would staff new employees and trust would be a long time coming.

            The legal arm should have a template of action in case there is a violation of the company’s property rights – including dry running the option of suing defendants for full tort.  

Patent Overturning

            Another huge risk would be the overturning of a patent. Since Riordan would be convincing a foreign court that its intellectual rights stand violated, it would have to go over the entire process of justifying a patent in the first place.

            If a recent trend is any indication, chances are that the patent would be overturned. Courts are holding off on granting patents worldwide as the collective imagination of humankind gains more and more credit.


Yet another cause of concern is the defense of claims of violation of others’ property rights by Riordan. The company should do its bit to familiarize itself with how intellectual property rights are set up and administered and what, if anything, might give a competitor the chance to take advantage of such protections.

Governance Principles

            Concrete steps taken toward good governance, like the implementation of COSO recommendations, help build up investor confidence. This is especially needed in times like these, when too-big-to-fail firms turn out to be hollow in the middle, for example, Enron, Freddie Mac, Fannie Mae etc. (Bierman, 2008).

            Therefore, good governance is drafting and adhering to a policy of strong ethics, which should be central to everything that gets done in an organization. In this regard, an ethics policy is a parallel component to every strategy employed. It is true that the most ethical of ways are also the least efficient. However, the mitigation in risks they provide is a good deal to take. A proper implementation of COSO principles would ensure that the firm does not need another policy oriented toward good governance.

            On the other hand, not implementing guidelines exposes one to risks that were able to lure their way in and eat entire corporations. A primary benefit would be from the guidelines COSO has over ethical financial reporting and auditing processes. Besides, since the passage of the Sarbanes-Oxley Act, compliance is mandated (Tarantino, 2006).

International Law 

            It is immediately apparent why international law holds significance for Riordan. Due to its international operations, which are on a high scale, it has positioned itself for success just as much as for compliance. A broad purview of laws is applicable in this case. There would be those that protect and safeguard Riordan’s intellectual capital just as there would be those that oversee corporate double taxation.

Then there would be environmental laws – quickly spawning everywhere. Far more useful for the Chinese government than their simple worth in compliance, they should be seen as efficient tools in the hands of the authorities to quickly bring you down. If nothing else is sticking, a couple of these nearly entirely impracticable laws would quickly glow red.

The firm should stay in total compliance with all other laws applicable to its operations, including tax-related laws, regulations on processes, trade, manufacturing oversight etc., for the most optimal experience and treatment (Gu, 2010).


            As evidenced from this Corporate Compliance Plan, the central strategy of Riordan is themed by the recommendations of and constituents from the COSO risk management guidelines. It is held that their worth is significant in the areas of legal, product and enterprise liability, legal counsel, real and intellectual property, principles of governance and even international laws. Since the advent of the Sarbanes-Oxley Act, the implementation of the recommendations is required, a testament to their merit.


Bierman, H. (2008). Accounting/finance lessons of Enron: a case study. World Scientific.

COSO. (2004, Sep). Enterprise risk management — integrated framework. Retrieved from

Gu, M. (2010). Understanding Chinese Company Law. Hong Kong: Hong Kong University Press

Sainsbury, M. (2010, Aug 06). China jailed two steel executives over Rio Tinto’s Stern Hu bribery scandal. The Wall Street Journal. Retrieved from

Tarantino, A. (2006). Manager’s guide to compliance: Sarbanes-Oxley, COSO, ERM, COBIT, IFRS, BASEL II, OMB A-123, ASX 10, OECD principles, Turnbull guidance, best practices, and case studies. New York, NY: John Wiley and Sons.

Vernoff, E. & Seybolt, P. J. (2007). Through Chinese eyes: tradition, revolution, and transformation. The Apex Press.
