Loading in 2 Seconds...
Loading in 2 Seconds...
Applying COSO’s Enterprise Risk Management — Integrated Framework. September 29, 2004. Today’s organizations are concerned about:. Risk Management Governance Control Assurance (and Consulting). ERM Defined:.
September 29, 2004
“… a process, effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.”
Source: COSO Enterprise Risk Management – Integrated Framework. 2004. COSO.
ERM supports value creation by enabling management to:
This COSO ERM framework defines essential components, suggests a common language, and provides clear direction and guidance for enterprise risk management.
Entity objectives can be viewed in the
context of four categories:
ERM considers activities at all levels
of the organization:
Enterprise risk managementrequires an entity to take a portfolio view of risk.
- Business unit level
- Entity level
The eight components
of the framework
are interrelated …
Effectiveness of the other ERM components is monitored through:
A strong system of internal
control is essential to effective
enterprise risk management.
- Monitoring - Evaluating
- Examining - Reporting
- Recommending improvements
Visit the guidance section of The IIA’s Web site for The IIA’s position paper, “Role of Internal Auditing’s in Enterprise Risk Management.”
2120.A1 – Based on the results of the risk assessment, the internal audit activity should evaluate the adequacy and effectiveness of controls encompassing the organization’s governance, operations, and information systems.
2210.A1 – When planning the engagement, the internal auditor should identify and assess risks relevant to the activity under review. The engagement objectives should reflect the results of the risk assessment.Standards
Vice President andChief Risk Officer
Insurance Risk Manager
Corporate Credit Risk Manager
FES Commodity Risk Mg.
Risk assessment is the identification and analysis of risks to the achievement of business objectives. It forms a basis for determining how risks should be managed.
Source: Business Risk Assessment. 1998 – The Institute of Internal Auditors
- Accept = monitor
- Avoid = eliminate (get out of situation)
- Reduce = institute controls
- Share = partner with someone
Mitigate & Control
CompletenessMaterial Accrual of transaction open liabilities not recorded Invoices accrued after closing
Issue: Invoices go to field and AP is not aware of liability.
- Risks are being properly addressed
- Controls are working to mitigate risks
- Changes in business objectives
- Changes in systems
- Changes in processes
Enterprise Risk Management
— Integrated Framework,