Carmine Chianti is a former chef and successful entrepreneur. Carmine trained at the prestigious Culinary Institute of America, one of the premier culinary schools in the world. While there, she developed a love of boutique wines. After graduating, Carmine started a small yet successful restaurant. With her earnings from the restaurant business, she decided to pursue her true passion—wine.

Carmine has since purchased a winery and has set her sights on her most ambitious project yet: an annual wine festival in Sacramento, Calif. Carmine envisions an evening event that includes riverboats, an exclusive guest list, and wines from the Pacific region of the United States. She also pictures food vendors to provide light fare and cheeses to pair with the wines. She thinks Sacramento is an ideal spot for a successful venture because of its location in the wine country’s Central Valley along the Sacramento River.

Carmine, realizing that she doesn’t have expertise in enterprise risk management (ERM), hires Cork Consulting to help her understand the risks and opportunities associated with hosting a wine festival. You recently began working for Cork and have been assigned to the team that will conduct the risk assessment for Carmine. To prepare for today’s client meeting, you reviewed the COSO (Committee of Sponsoring Organizations of the Treadway Commission) Enterprise Risk Management—Integrated Framework, as well as notes in the client file summarizing an initial phone conversation with Carmine. You also reviewed the Risk/Opportunity Summary form that will be used to describe the event’s possible risks and opportunities (see “Risk/Opportunity Summary”).

You recall from your training that when conducting a risk assessment, you must understand the risk preferences of the organization’s management team along with background information and other relevant factors. As you look over the client file, you see that Carmine is very knowledgeable about wine and small business, but she hasn’t run a large-scale temporary event like a festival. She is ambitious about the event and wants it to be memorable. As the meeting begins, you listen carefully while Carmine outlines some key details surrounding the event.


“I want this event to be the premier showcase of boutique wines in the region,” she says. “I’m willing to take a few chances to make it something really amazing. There’s nothing else like this event right now, and I want to be first. Your team will help me with the initial risk assessment. What are the chances that something goes terribly wrong or that I miss a great opportunity? Either way, what could it cost me? All things considered, how should I respond?” Your mind races as you start to consider the possibilities.

Even though the team won’t be able to complete an entire assessment after one meeting, an initial brainstorming session of the event’s risks and opportunities will reassure Carmine that she hired the right firm. As you focus on the conversation at hand, the team leader asks about some details: “Carmine, how will the event be set up? Will patrons buy tickets ahead of time? How will they be allowed in?”

Carmine responds, “To limit access, the event will be fenced in on all sides, except along the river. Patrons will get into the festival by swiping a prepurchased wristband with an embedded radio frequency identification, or RFID, chip. I envision setting up most of the wine displays in rows leading down toward the river. Beneath the tents will be tables for the vendors to showcase their wines and seating for the patrons. To leverage the natural beauty of the river and create a special feel to the event, I’ll reserve some of the nicer wines to serve on riverboat tours. Since the boat will dock at the pier, I’ll place the food vendors nearby so that patrons can enjoy a snack while waiting.”

The team leader asks: “Speaking of vendors, how will patrons pay for things? How will they find a particular wine or vineyard?”

Carmine answers, “I’m working with a developer to create an event app tied to a special card that acts like a prepaid gift card. Patrons will use the app to load money onto the card. Each time they sample a wine or purchase food, a swipe of the card will update the funds available. The app will also give patrons information about the wines and vineyards showcased at the festival along with their locations.”

Carmine looks at the members of your team and says, “Okay, I think you can get started. Let’s plan to meet again in a few days and see what you’ve come up with.”


At the next meeting, the team reviews the initial risk assessment with Carmine. She seems impressed with the team’s work so far.

She responds, “Now, I have something else for you to consider. I recently met with my old friend Captain Bluff. He would like to add gambling to the riverboat. He’s an expert in this area and will navigate all the legalities to make it happen. Captain Bluff offered me 20% of the riverboat gambling profit. Of course, the winners will be paid out in cash.” Carmine hesitates, then adds, “While I’m interested, I wonder if this will draw a different crowd.”

The team leader responds, “Carmine, before you make a decision, let my team add the impact of this gambling option to its initial risk assessment. We’ll report back to you later this week.”


Using COSO’s ERM Framework as a reference, perform the following steps. Use the Risk/Opportunity Summary form to organize your analysis. Do items 1-3 without considering Captain Bluff’s proposal. Then address item 4 with his ­proposal.

  1. Brainstorm and describe potential risks and opportunities associated with this event.
  2. For each risk/opportunity, determine its potential impact on the event (significance) and likelihood of ­occurrence.
  3. For each risk/opportunity, choose an appropriate response (accept, avoid, pursue, reduce, or share) and briefly describe it, including any applicable controls.
  4. Follow requirements 1-3 and consider any new risks and opportunities that arise because of Captain Bluff’s proposal.

Click to enlarge.

About the Authors