Applying COSO’s Enterprise Risk Management — Integrated Framework. September 29, 2004. Today’s organizations are concerned about:. Risk Management Governance Control Assurance (and Consulting). ERM Defined:.
Related searches for Applying COSO s Enterprise Risk Management Integrated Framework
Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.
September 29, 2004
“… a process, effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.”
Source: COSO Enterprise Risk Management – Integrated Framework. 2004. COSO.
ERM supports value creation by enabling management to:
This COSO ERM framework defines essential components, suggests a common language, and provides clear direction and guidance for enterprise risk management.
Entity objectives can be viewed in the
context of four categories:
ERM considers activities at all levels
of the organization:
Enterprise risk managementrequires an entity to take a portfolio view of risk.
- Business unit level
- Entity level
The eight components
of the framework
are interrelated …
Effectiveness of the other ERM components is monitored through:
A strong system of internal
control is essential to effective
enterprise risk management.
- Monitoring - Evaluating
- Examining - Reporting
- Recommending improvements
Visit the guidance section of The IIA’s Web site for The IIA’s position paper, “Role of Internal Auditing’s in Enterprise Risk Management.”
2010.A1 – The internal audit activity’s plan of engagements should be based on a risk assessment, undertaken at least annually.
2120.A1 – Based on the results of the risk assessment, the internal audit activity should evaluate the adequacy and effectiveness of controls encompassing the organization’s governance, operations, and information systems.
2210.A1 – When planning the engagement, the internal auditor should identify and assess risks relevant to the activity under review. The engagement objectives should reflect the results of the risk assessment.Standards
Vice President andChief Risk Officer
Insurance Risk Manager
Corporate Credit Risk Manager
FES Commodity Risk Mg.
Risk assessment is the identification and analysis of risks to the achievement of business objectives. It forms a basis for determining how risks should be managed.
Source: Business Risk Assessment. 1998 – The Institute of Internal Auditors
- Accept = monitor
- Avoid = eliminate (get out of situation)
- Reduce = institute controls
- Share = partner with someone
Mitigate & Control
CompletenessMaterial Accrual of transaction open liabilities not recorded Invoices accrued after closing
Issue: Invoices go to field and AP is not aware of liability.
- Risks are being properly addressed
- Controls are working to mitigate risks
- Changes in business objectives
- Changes in systems
- Changes in processes
Enterprise Risk Management
— Integrated Framework,