Enterprise Risk Management at Google - Research Paper Example

 Enterprise Risk Management at Google Abstract In the wake of corporate scandals such as the one at Enron, corporations are increasingly required to demonstrate accountability and risk management. Enterprise risk management is the process of ensuring that all risks are adequately monitored and mitigated in order to prevent losses to stakeholders. The COSO Report has also set out the parameters for a satisfactory level of internal control within an organization. This Report undertakes a study of Google, Inc and discusses the steps that may be necessary to implement an effective enterprise risk management program. Enterprise risk management at Google Introduction: Google has emerged as the front runner in the market through its search engine and despite the present recessionary trends, the Company reported gross revenues for the third quarter of 2008 of $5.4 billion, which reflects an increase of 3% compared to the second quarter of 2008 and an increase of 31% compared to the same period last year (www.google.com/ financial release). But the Company also faces an increasing level of challenges on grounds of privacy and cultural issues on its websites. This report identifies present and potential risks that the Company is facing and outlines a plan to implement enterprise risk management within the firm. Enterprise Risk Management: ERP has been defined as been defined as “the discipline by which an organization in any industry assesses, controls, exploits, finances, and monitors risks from all sources for the purpose of increasing the organization's short- and long-term value to its stakeholders.” (www.casact.org, p 10). Before many of the accounting scandals such as the one at Enron erupted, risk assessment standards were considered a separate niche from regulating and auditing standards. But this has now been made a part of corporate governance, which is important in ensuring the economic health of corporations. Including risk assessment as a part of corporate governance provides investors the opportunity to periodically assess any potential risks that may arise. The Treadway Commission (COSO) issued a landmark report, in which it identified internal control measures that were necessary to ensure financial accountability and transparency in corporate governance. The three primary objectives of internal control according to this report are: 1) efficient and effective operations, (2) accurate financial reporting, and (3) compliance with laws and regulations. The report also sets out five essential components of an effective internal control system: (a) the control environment, which provides discipline and structure to the organization (b) risk assessment by management rather than internal auditors (c) control activities, or policies, practices and procedures by which management objectives are achieved and risk minimized (d) information and communication by communicating information to employees about responsibilities in a timely fashion to ensure compliance and (e) monitoring or external overseeing of internal control operations.(Applegate and Willis, 1999). Risks faced by Google: Risk is one of the essential elements which arises in the case of every organization and needs to be effectively managed if the organization is to succeed. The term “risk management” first emerged in the United States in the 1950s, emerging out of the insurance buying function, with managers seeking strategies to manage corporate risks rather than attempt to finance them after the loss had occurred (Young and Tippens, 2001:6). Risk management is the process whereby the organizational objectives are identified and then the threats to the successful achievement of those objectives are also determined. This enables decision making to take place in such a way that treatment of the risk is prioritized and risk control measures are implemented. Monitoring systems are introduced and plans drawn up to ensure that the business functions effectively. Google is facing risks raised by privacy and cultural issues on its websites. The Company is increasingly receiving lowest ratings from privacy groups, which is likely to impact adversely on its brand image. Google’s U tube website was blocked in Thailand for what was purported to be an offensive portrayal of an important person. Google Maps, which allow street views are being contested for trespassing and intrusion of privacy and these are issues the company has to deal with (Swarz, 2004). Secondly, Google is also facing issues such as fraudulent clicks on Ad words, which is affecting its profits and could impact negatively on its shareholders. Google places a high reliance on its partnership with its Network members, and relies upon them for a significant portion of its revenues, i.e, 30% of total revenues in the last quarter of 2008. (www.google.com/financial release). Google therefore derives significant benefits from its network members and if any of these key relationships is terminated or not renewed, it could have a detrimental impact on the company’s profitability and accountability. Additionally, Google has consistently followed a distinctive hiring policy, because it has focused upon pulling in large numbers of employees, especially the cream of the crop in terms of brain power (Dignan, 2007). One of the reasons for Google’s spiraling success is its thrust on innovation and the belief that good ideas can, and should, come from anywhere.(Business Week, 2005). But this has resulted in a high level of informality and networking within the organization, which belies the discipline and structure required under the COSO controls and poses a risk to the stakeholders in Google. Implementing an ERP Plan: The kind of information that investors need to know is how the decision making process is prioritized and coordinated and how risk is managed and controlled. This includes the incorporation of risk management techniques and audits, in order to address financial risks that may occur within an organization. From the perspective of risk management, the extent to which unethical behavior is prevented and the damages caused by such behavior minimized is paramount. Risk management also needs to include an ethical strategy, by increasing organizational concern with directive that guide ethical business practices and fostering incentives within the corporation to promote such behaviour (Francis and Armstrong, 2003:377). In the case of Google, it is important that the system of internal control is strengthened and the potential existing for financial manipulation through fraudulent clicks and risky online activity are minimized, especially the risks relating to maintaining privacy and security of confidential information. The high level of interactivity among the Company’s executives and employees may be a favourable aspect because it conforms to the components identified by COSO as essential to maintaining internal control. But while information exists about the potential for fraudulent online activity, this problem is not being adequately addressed by Google. It may be necessary for the Company executives to utilize the Company’s flair for innovation to devise additional security features and software to protect the security and confidentiality of those who use its search engine and related programs. Secondly, there are accounting risks posed to the Company in the form of threats from its competitors like Yahoo. Vise(2006) points out, its one-size-fits-all strategy, such as the one adopted by Google, is unlikely to work where there are different customs and laws which prevail. For example, Yahoo is the leading search engine in Japan, while in China, government supported search engines like Baidu.com are deeply entrenched. Hence Google must take measures to address the risks arising out of a failure to comply with local government regulations and carry out appropriate modifications to its search facilities when offered in other nations. Yet another risk is the Company’s over reliance on income from its partners. Such closed in relationships may also provide fertile ground for the development of activity that favours financial manipulation of accounts. Transparency is thus a vital aspect of corporate governance, because it ensures that organizational activity is carried on in an unethical, above-the-board manner that facilitates honesty and integrity in operations. The temptation for individuals to manipulate accounts and seek to gain from it, or expose the corporation to other risks in order to attain personal profits is more likely when there are such close knit and exclusive relationships such as those Google shares with its network partners. As a result, Google needs to implement stronger systems for control of its internal accounts, while also developing additional sources of income rather than being restricted to its reliance on Google network partners alone. The COSO requirements on monitoring as an essential part of internal control are not being adequately met at Google. The process of internal control is aided by the inclusion of independent and non executive Directors on the Board. For instance, the greater the numbers of independent directors present on a Board, the greater the amount of financial risk information disclosed. This is because, unlike the executive and acting directors of the firm, independent directors do not receive any financial remuneration from the Company, and thus may not be motivated by greed to hide or conceal fraudulent transactions geared towards the accumulation of profits in the hands of top executive officers through fraudulent means. Google may thus benefit by including more independent Directors on its Board, rather than its present three member Board. In the United States, the Sarbanes Oxley Act also requires independent auditors to carry out the audit and simultaneously report on the internal control reports produced by the management. An important section in the Sarbanes Oxley Act of 2002 is Section 404, which requires all companies trading publicly on the stock exchange to specifically include in the body of their annual reports, a statement by the managers of the corporate entity as well as external auditors on the efficacy of the internal audit processes and controls maintained over how financial information is reported. Google may also need to include such a statement by its managers within the framework of its annual reports, where it clearly details its risk management and internal audit procedures, as well as specifying the number and identity of the independent directors on its board. References: Applegate, Dennis and Willis, Ted, 1999. “Struggling to incorporate the COSO recommendations into your audit process? Here’s one audit shop’s winning strategy”, Internal Auditor, 1999 issue, http://www.coso.org/audit_shop.htm; Business Week, 2005. “Managing Google’s idea factory”, Business Week, October 3, 2005. http://www.businessweek.com/magazine/content/05_40/b3953093.htm; Dignan, Larry, 2007. “No need to panic over Google’s HR policies”, Seeking Alpha, October 22, 2007; http://seekingalpha.com/article/50684-no-need-to-panic-over-google-s- hr-policies; Francis, R. and Armstrong, A. 2003, “Ethics as a risk management strategy: The Australian experience”, Journal of Business Ethics,45: 375-385 “Overview of Enterprise Risk Management”, http://www.casact.org/research/erm/overview.pdf; Young, P.C and Tippens, S.C.,2001. “Managing business risk: an organization wide approach to risk management”, American Management Association Vise, David A, 2006. “Google”, Foreign Policy, 154 :20-25 Read More