Corporate Governance and Enterprise Risk Management

David Cannon, Joseph H. Godwin, and Stephen R. Goldberg

© 2008 Wiley Periodicals, Inc. Published online in Wiley InterScience (www.interscience.wiley.com). DOI 10.1002/jcaf.20374

BOOKS REVIEWED:

Rezaee, Zabihollah, 2007, Corporate Governance Post-Sarbanes-Oxley: Regulations, Requirements, and Integrated Processes (Hoboken, NJ: Wiley).

Moeller, Robert R., 2007, COSO Enterprise Risk Management: Understanding the New Integrated ERM Framework (Hoboken, NJ: Wiley).

The books selected for review address two critical areas for corporate success. Rezaee has written a comprehensive reference on corporate governance. Moeller presents a thorough discussion of how to effectively implement enterprise risk management (ERM).

CORPORATE GOVERNANCE POST-SARBANES-OXLEY

Recent major accounting and financial scandals and associated legislation and regulation have resulted in heightened interest in corporate governance. While many new books on the topic have been published in recent years, Professor Zabihollah Rezaee’s Corporate Governance Post-Sarbanes-Oxley may well be the most thorough and extensive examination of corporate governance currently available. Rezaee describes the political, economic, historical, and legal environment and markets in which corporations operate, as well as the roles and expectations of major corporate stakeholders. Functional areas whose actions and interactions are critical for the implementation and maintenance of effective corporate governance are identified and thoroughly examined. The principles of corporate governance are thoroughly discussed. It would only be a small exaggeration to describe this book as “everything you would ever want to know about corporate governance.”

Professor Rezaee’s book is organized into three parts. Part One, titled “The Rise of Corporate Governance,” describes and discusses the corporation’s role in society and the environment in which corporations exist and presents and explains fundamental theories, principles, and mechanisms of corporate governance. The two chapters in this part also identify stakeholder constituencies of corporations and major functional components of a system of corporate governance.

In Part Two, “Functions of Corporate Governance,” the role, environment, and activities of different corporate governance functions are examined in detail. Each of the eight chapters in this part addresses an individual function and presents function-specific suggestions to improve corporate governance. Chapters 3, 4, and 5 examine the oversight function of the board of directors, the role of board committees, and the responsibilities and role of management, respectively. Chapter 6 tackles compliance issues relating to governmental regulation. Private-sector regulation and suggested best practices from entities such as stock exchanges, the Business Roundtable, and the National Association of Corporate Directors are also discussed in this chapter.

Chapters 7, 8, and 9 exhaustively cover roles of internal audit, professional advisors, and external auditors, respectively. The final chapter in Part Two, Chapter 10, dissects the monitoring function and examines monitoring activities of external stakeholders such as shareholders, creditors, customers, and suppliers and their role in corporate governance.

Part Three of Professor Rezaee’s book deals with “Contemporary Issues in Corporate Governance.” Chapter 11 discusses corporate governance in the context of private and nonprofit organizations, while Chapter 12 deals with the relationship between corporate governance and business ethics. Chapter 13 deals with the effect of globalization and technology on corporate governance. The author illustrates how XBRL, a language used for Web-based financial reporting, can significantly alter the landscape of financial reporting and lead to continuous auditing. The final chapter deals with emerging issues in corporate governance.

This book is well-written, well-organized, and contains an abundance of tables, diagrams, and charts that support and complement the text. Cited facts and quotations are consistently and generously supported with end-of-chapter footnotes. The author’s considerable knowledge, expertise, and academic experience are evident throughout the book.

The major strengths of this book are its comprehensiveness, breadth, and level of detail. To illustrate, Chapter 5, which deals with the role of management in corporate governance, covers areas as diverse as executive compensation, disaster planning, and financial reporting using XBRL. Each of the chapters in Part Two could be separately published as a booklet detailing each function’s role in the corporate governance process. However, these strengths may be considered by some as weaknesses in that the volume of content and level of detail at times could be overwhelming.

Corporate Governance Post-Sarbanes-Oxley is recommended for corporate board members, executives, attorneys, auditors, investors, academics, and others with an interest in corporate governance and would be a welcome addition to any corporate library. This book would also make an excellent supplement for a graduate-level management, finance, or accounting course associated with corporate governance.

COSO ENTERPRISE RISK MANAGEMENT

The Committee of Sponsoring Organizations (COSO) provided the first widely accepted definition and framework for internal control in the early 1990s. In a similar fashion, in late 2004, COSO proposed a definition and structure for enterprise risk management for all types of organizations to better manage risk. COSO Enterprise Risk Management is more than an update of COSO on internal controls. It is a new integrated approach to risk management. The book attempts to help readers make better use of this tool. Guidance is provided on the importance of ERM; key concepts and terminology; an overall structure integrating strategic, operational, reporting, and compliance objectives; approaches to managing risk; and issues related to information technology and ERM. The author, Robert R. Moeller, has extensive risk management experience of over 25 years in internal audit, including audit director for a Fortune 50 corporation, as well as extensive publications and speaking experience on ERM and related topics.

COSO Enterprise Risk Management consists of 14 chapters and 367 pages. The initial chapter discusses a previous lack of a clear definition and understanding of both internal control and enterprise risk and the importance of the development of COSO ERM. Chapter 2 introduces key concepts and terminology, as well as graphical and probability tools used by risk managers. The components of COSO ERM are presented in the following chapter. The three-dimensional framework consists of eight vertical layers or risk components, a second dimension of four vertical layers covering key risk objectives, and a third dimension consisting of organizational units. The fourth chapter emphasizes that risk management must be understood in terms of the four key risk objectives: strategic, operational, reporting, and compliance. The fifth chapter suggests an approach for implementing risk assessment and discusses how the framework approach can help an organization to better manage risks and achieve objectives. Chapter 6 discusses the integration of COSO’s ERM and internal control frameworks. The next chapter addresses why an effective ERM program helps companies comply with Sarbanes-Oxley’s Section 404 internal control assessments.

The eighth chapter provides guidance for boards of directors to understand ERM and its role in their corporate governance responsibilities. The following two chapters address the role of internal audit in ERM, and then understanding project management risks. Chapter 11 looks at three aspects of information technology and ERM, which are risks associated with application systems, disaster recovery planning, and systems network access risks. The twelfth chapter discusses establishing an effective risk culture and the role of the chief risk officer. The last two chapters address how other international ERM standards relate to COSO ERM and expectations for COSO ERM for the future. The author expects COSO ERM to be the standard in years to come.

The primary objective of the book is to help all levels—from entry-level audit staff to members of boards of directors—understand risk management and the COSO ERM framework and make better use of this potentially powerful tool to make better decisions. It is recommended reading for staff, management, and directors concerned with managing enterprisewide risks.

The Journal of Corporate Accounting & Finance / January/February 2008. © 2008 Wiley Periodicals, Inc. DOI 10.1002/jcaf.20374

David M. Cannon, PhD, CPA, CISA, is an assistant professor at Grand Valley State University. Dr. Cannon’s teaching interests are in accounting information systems, management information systems, and managerial accounting. His research areas include accounting information systems and methodological issues in accounting research. Joseph H. Godwin, PhD, CPA, and Stephen R. Goldberg, PhD, CPA, are professors of accounting at Grand Valley State University. Their teaching and research interests focus on financial accounting, international accounting, financial derivatives, and economic value added. They have published articles in a number of academic and practitioner-oriented journals.
