Providing enterprise risk management counsel

Posted on Tuesday, October 8, 2019 by Abby Draper

By Donald R. Owens, CPA, CFF, CITP, CIA, CRMA, CFSA, CBA, founder and principal at PFRM Solutions 

CPAs embrace being their client’s trusted advisor, for both financial and non-financial matters. Such a designation brings with it tremendous responsibility and the expectation that one has the prerequisite qualifications to provide expert advice across a broad spectrum of subject matters.

This “fiduciary” role often goes beyond financial, tax and investment advisory type services. It encompasses providing counsel to clients on various matters, including threats that may disrupt or potentially destroy their business. Because business owners don’t just work their businesses but are continuously working on them, they look to their trusted advisors to help identify and assess threats to their businesses and to advise proactively on how to mitigate or eliminate them. They rely on you, their trusted advisor, for education on emerging risks, the potential impacts to the business, and how best to protect the business.

In short, they’re looking to you for enterprise risk management counsel. As their trusted advisor, it may be prudent to seek the assistance of a risk management professional if you are not proficient in the practice of risk management.

Determining whether to accept a “risk management” advisory engagement or to assist your client in identifying a risk management professional requires knowing what is needed to be successful in such a role. I like to say it starts with applying the “Es” of enterprise risk management, a kind of litmus test of one’s proficiency in risk management. The Es are a general list of attributes by which a trusted advisor can assess whether he/she or the professional being recommended has the qualifications for the role. The Es, which follow, can assist in determining whether to accept the engagement or whom to recommend to your client.

- Experience at assessing processes, people, systems, and strategies to capture and catalog risks.

- Expertise that will deliver results that transcend business lines as risk cannot be managed in silos but must be managed across the enterprise. Expertise goes well beyond experience, enabling a trusted advisor to assist in the design of leading control practices and advise on needed enhancements to the practices over time as dictated by business and market dynamics.

- Exposure to diverse environments and risks. This facilitates the application of critical thinking which is needed to identify risks that are unique to certain industries or business practices. It’s the ability to provide insightful recommendations, avoiding the tendency to simply rely on solution sets of the past.

- Emerging risk identification and logging in order to advise clients on potential threats that have not yet been considered. This requires leveraging various authoritative resources, expanding one’s knowledge of the changing risk landscape, and employing the practices needed to monitor and mitigate such risks.

- Execution capabilities to instill a well-designed risk management program.

- Educate/Enlighten the organization’s stakeholders to gain their buy-in to risk management.

- Empower/Enable management to both own and manage risks.

- Emotional Intelligence/Empathy/Engagement must be incorporated throughout to ensure open and invaluable participation by all parties involved.

- Ethics and culture analysis to assess internal behavioral threats to sustaining corrective actions.

- Evolving the risk management methods and practices to remain relevant and current.

In summary, the Es provide you a means to self-assess your qualifications and/or assist your client in identifying a qualified risk management professional for such an assignment. Applying the Es demonstrates to your client the due diligence you performed in assessing their needs and reinforces to them your commitment to their best interest (i.e., your standing as their trusted advisor).    

Donald R. Owens, CPA, CFF, CITP, CIA, CRMA, CFSA, CBA is founder and principal at PFRM Solutions, which assists organizations in assessing and strengthening governance and risk management practices. Don can be contacted at
