Case Study | Risk Management
Can ERM protect a company’s valuation?
A northeastern health organization was a newly formed public company — the result of a merger of more than 25 smaller companies — with $4 billion in revenue and presence in 19 countries. They needed a robust ERM program to align their risk profiles across the strategic objectives of all the entities.
The stakes: Post-IPO shortfalls
- The company lacked visibility into the smaller companies’ risk and compliance profiles, resulting in unknown vulnerabilities.
- The company went public, but the stock price soon declined, adding pressure and lawsuits from shareholders.
How we helped: Real-time action
Phase 1: Pilot Development
- Built a foundational risk library.
- Adopted COSO’s ERM framework and conducted initial assessments.
Phase 2: Program Implementation
- Formalized policy and processes.
- Unified risks across Audit, Compliance, Internal Controls, and Crisis Management.
Phase 3: Integration with Strategy
- Aligned ERM with organizational strategy, goals, and initiatives.
- Defined risk appetite statements and assessed risks for strategic projects.
- Linked risk management to strategic planning and enhanced decision making.
The outcome: Crisis averted
- We created a cohesive risk profile that identified significant gaps.
- Swift action was taken to shore up vulnerabilities, including leadership changes.
- A new crisis management program was implemented just before the COVID-19 pandemic began.
- Value was preserved by focusing on critical risk remediations, which helped avoid costly crisis management situations.
