On May 7, 2008, Standard and Poor’s Announced that they address enterprise risk management at part of their ratings: Standard & Poor’s To Apply Enterprise Risk Analysis To Corporate Ratings. (.pdf)
Ultimately, we will enhance transparency by providing investors and issuers our views of a management team’s ability to understand, articulate, and successfully manage risk. The benefits of the ERM enhancement will be to make the process of forming our rating opinions more forward looking, achieve finer differentiation among ratings, and facilitate construction of “what if” forecast scenarios.
S &P will look toward a company’s adoption of the COSO standards or the AS/NZS 4360 standards. But S&P will not make them a prerequisite for enterprise risk management nor sufficient evidence of sufficient risk manangement.