Introduction
Corporate governance can be thought of as the overall umbrella of control and direction under which a corporation operates. Enterprise Risk Management (ERM) is “a process, effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives,” (BusinessDictionary.com, 2008). Ideal management of risk involves mitigating negative risk while taking advantage of positive risk. The board of directors is responsible for establishing an enterprise risk management philosophy that guides senior management when implementing an enterprise risk management plan for the company. Internal controls are a subset of ERM. “Internal control is broadly defined as a process, effected by an entity's board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: effectiveness and efficiency of operations; reliability of financial reporting; compliance with applicable laws and regulations,” (COSO, 2008). Internal controls assure accuracy of reporting of information and objectives.
“Discover Financial Services (NYSE: DFS) is a leading credit card issuer and electronic payment services company with one of the most recognized brands in U.S. financial services,” (Discover Financial, 2008). The board of directors at Discover’s feel that it is time to employ an ERM program. It will be up to them to establish the corporation's risk culture and ethical philosophy. In establishing a risk culture, they will need to ...