Case Studies on Enterprise Risk Management Implementation
These expert-written case studies provide real-world guidance on creating an enterprise risk management structure tailored to your organisation’s concerns. Step-by-step examples provide a powerful framework for fashioning an effective approach for leaders to manage risk.

If you are purchasing a product in one of the following formats, please check the system requirements below:

Online Professional Library
The AICPA Online Professional Library will operate in a variety of configurations, but only the configuration described below is supported by our technicians:

  • Windows 7+ (Latest Microsoft Edge, Internet Explorer, Firefox or Chrome)


Minimum system requirements are:

  • Internet access
  • Adobe ID
  • Adobe® Digital Editions (ADE) is a free program that lets you read eBooks on a PC, Mac, and any supported smartphone or tablet. You MUST download and login to ADE in order to view an AICPA eBook. AICPA eBooks are best viewed when using ADE 3 for PC and ADE 4 for Mac.
  • For mobile access to eBooks, download the free Bluefire Reader app for Apple (iOS) and Android phones and tablets.


  • eBooks are intended for a single user only.
  • An eBook is a downloadable file that will be accessible immediately after completing your purchase. Access to the download link expires 180 days from the purchase date so you must download the file before this time elapses.
  • This product is refundable within 10 days of your purchase date.

Read the AICPA eBook Tutorial and see our FAQ for more information.


  • Adobe® Acrobat® Reader 8 or higher
Product details

In today's dynamic and often turbulent environment, your organisation needs an enterprise risk management programme that is quickly implementable and utilises the processes and management activities already occurring at your organisation. Whether you are initiating a programme at your organisation or your existing programme needs improvement, Case Studies on Enterprise Risk Management Implementation is a potent answer to your challenges. This publication takes you directly into the experience of a company whose management is starting to formally address risk assessment and management. Walk through their process, working with the board, senior management, and the management team to identify and rate significant risk categories.

The central case study details each step of initiating and implementing a risk assessment and management programme, clarifying and demystifying the process. Fourteen tables, charts, and templates, a memorandum to the management team, and pointers for running productive and efficient meetings give you an immediate head start in beginning your own process. The guide also includes two shorter case studies to further enhance your understanding of enterprise risk management implementation.


CGMA designation holders qualify for discounted pricing on this product. In order to receive your special pricing, you must be registered and signed in. View the complete list of development products available on CGMA.org.


A number of important outcomes arose from the biennial risk assessment process. The organisation determined that it needed to incorporate risk management criteria into its policies and procedures so that risk management would become an integral part of all of the organisation’s processes. The process also resulted in the standardization of health, safety, and security plans, and it enhanced employee tracking during foreign travel. The organisation also enhanced its online proposal system to include a risk assessment section to price risk into proposals and to notify critical risk supervisors early in the bid process of items that may require review.

The enhancement to the online proposal system was one area in which the ERM process immediately added value to the organisation. Shortly after implementation, a proposal was being developed that involved a fairly insignificant amount of revenue. When the new risk assessment portion of the proposal process was completed, however, a significant reputational risk issue was identified. The subject of the research involved in the proposal was an extremely controversial issue, which had generated a significant amount of negative media attention in the past, and having RTI’s name associated with that subject had the potential for serious reputational damage. Through this process, the project leader determined that this risk was significantly outside the normal scope and warranted additional review. The process RTI implemented required that such risks be evaluated by the RMC before the project leader could proceed with the proposal. In order for ERM to not be viewed as a bottleneck in the proposal process, the committee quickly acted on these reviews and usually notified the project team of its decision within three to five days. In this case, the RMC reviewed the potential risk and decided that the organisation should not proceed with that proposal.


Bonnie Hancock, MS

Mark Beasley, PhD, CPA

Mark S. Beasley is the Deloitte Professor of Enterprise Risk Management and Director of North Carolina State's Enterprise Risk Management (ERM) Initiative, which provides thought leadership about ERM practices and their integration with strategy and corporate governance.

In 2012, Mark was named by the National Association of Corporate Directors (NACD) as one of the “100 People to Watch.” He recently completed over seven years of service on the board for the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Mark is a frequent speaker at national and international conferences and frequently works with boards of directors and senior executives on risk oversight issues. He teaches courses related to enterprise risk management, risks and controls, and auditing in the graduate and executive education programs.

Mark has authored over 80 research articles and business publications and he is the author of a leading auditing textbook. Prior to joining NC State, Mark served as a Technical Manager in the Audit and Attest Division of the AICPA and as an Audit Manager in the Nashville, TN office of Ernst & Young. He received a BS in accounting from Auburn University and a Ph.D. from Michigan State University.


American Institute of CPAs

The American Institute of CPAs (AICPA) is the world’s largest member association representing the CPA profession, with more than 418,000 members in 143 countries, and a history of serving the public interest since 1887. AICPA members represent many areas of practice, including business and industry, public practice, government, education and consulting.

The AICPA sets ethical standards for the profession and U.S. auditing standards for private companies, nonprofit organizations, federal, state and local governments. It develops and grades the Uniform CPA Examination, and offers specialized credentials for qualified professionals who concentrate on personal financial planning; forensic accounting; business valuation; and information management and technology assurance. With The Chartered Institute of Management Accountants (CIMA), it offers the Chartered Global Management Accountant (CGMA) designation, which sets the global benchmark for quality and recognition in management accounting.

The AICPA and CIMA also make up the Association of International Certified Professional Accountants (the Association), which represents public and management accounting globally, advocating on behalf of the public interest and advancing the quality, competency and employability of CPAs, CGMAs and other accounting and finance professionals worldwide.

The AICPA maintains offices in New York, Washington, DC, Durham, NC, and Ewing, NJ.
