Standard & Poor's Ratings Services has issued a set of frequently asked questions about its ongoing initiative to incorporate an evaluation of enterprise risk management practices into its credit ratings of nonfinancial companies.

The company has posted a list of 15 FAQs about the initiative, which has been underway since 2008.

The six-page document says S&P's "ERM reviews" are simply extensions of the management assessments that have always been part of the rating process-not a change to the ratings process.

S&P also notes that investors shouldn't view the ERM assessment as separate from the management assessment. Specifically, the FAQs state that S&P doesn't intend to publish a separate ERM methodology. However, its Corporate Ratings Criteria "will reflect any ERM-related enhancements in management analysis," the company says.

As for next steps and timing regarding ERM, S&P says, "We will continue to communicate with companies on risk management -- broadly speaking. We will study the causes of historical defaults and sudden rating changes to learn whether differentiating companies based on how they handle this function may help us to rate companies."

In addition to the FAQs, S&P has a posted video interview on the subject with Steve Dreyer, Lead Analytical Manager for U.S. Utilities & Infrastructure Ratings, and head of S&P's initiative to apply ERM to the credit analysis process for corporate ratings.

Explaining why S&P cares about management in the credit analysis process, Dreyer says, "What we really care about...is how well they can identify, manage, mitigate or otherwise deal with the key risks that could blow up the company."

So far, he says companies "have not distinguished themselves in either direction to the extent that we originally thought they might."

"We thought... we'd find companies head and shoulders above the rest, but we really haven't seen that," Dreyer said. "The same is true in the other direction. We haven't seen companies deviating too far from average performance for risk management. The negative is that average performance is still pretty rudimentary."

Dreyer says companies understand what their risks are and are taking time to think about how they're dealing with them, but he says, "It's pretty rare you see any companies that are proactively incorporating risk into strategic decisions."