Recommended textbook solutions
Operations Management: Sustainability and Supply Chain Management
12th
EditionBarry Render, Chuck Munson, Jay Heizer
1,698 solutions
Human Resource Management
15th EditionJohn David Jackson, Patricia Meglich, Robert Mathis, Sean Valentine
249 solutions
Service Management: Operations, Strategy, and Information Technology
7th
EditionJames Fitzsimmons, Mona Fitzsimmons
103 solutions
Operations Management: Sustainability and Supply Chain Management
12th
EditionBarry Render, Chuck Munson, Jay Heizer
1,698 solutions
Enterprise Risk Management [ERM] is a risk process used to identify, assess, manage, and control risks to exploit opportunities they might provide within an organization. It provides an overall framework for an organization’s risk management program by establishing objectives.
Definition: Enterprise Risk Management is a process,
effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives. Committee of Sponsoring Organizations of the Treadway Commission [COSO]
The Goal of Enterprise Risk Management [ERM]
The goal of ERM is to provide
organizations a method to deliver more value to their customers and stakeholders.
Enterprise Risk Management [ERM] Components
COSO ERM consists of eight [8] interrelated components. These are derived from the way management runs an enterprise and are integrated with the management process. These components are: [1]
- Internal Environment: The internal environment encompasses the tone of an organization, and sets the basis for how risk is viewed and
addressed by an entity’s people, including risk management philosophy and risk appetite, integrity and ethical values, and the environment in which they operate.
- Objective Setting: Objectives must exist before management can identify potential events affecting their achievement. Enterprise risk management ensures that management has in place a process to set objectives and that the chosen objectives support and align with the entity’s mission and are consistent
with its risk appetite.
- Event Identification: Internal and external events affecting achievement of an entity’s objectives must be identified, distinguishing between risks and opportunities. Opportunities are channeled back to management’s strategy or objective-setting processes.
- Risk Assessment: Risks are analyzed, considering likelihood and impact, as a basis for determining how they should be managed. Risks are assessed on an inherent and a
residual basis.
- Risk Response: Management selects risk responses – avoiding, accepting, reducing, or sharing risk – developing a set of actions to align risks with the entity’s risk tolerances and risk appetite.
- Control Activities: Policies and procedures are established and implemented to help ensure the risk responses are effectively carried out.
- Information and Communication: Relevant information is identified,
captured, and communicated in a form and timeframe that enable people to carry out their responsibilities. Effective communication also occurs in a broader sense, flowing down, across, and up the entity.
- Monitoring: The entirety of enterprise risk management is monitored and modifications made as necessary. Monitoring is accomplished through ongoing management activities, separate evaluations, or both.
Enterprise Risk Management [ERM] Categories
This
COSO ERM framework is geared to achieving an organization’s objectives within four [4] categories. These categories are: [1,2]
- Strategy: high-level goals, aligned with and supporting the organization’s mission
- Operations: effective and efficient use of resources
- Financial Reporting: reliability of operational and financial reporting
- Compliance: compliance with applicable laws and regulations
AcqLinks and References:
- [1] COSO of the Treadway Commission “ERM – Integrated Framework, Executive Summary” – Sept 04
- DoD Risk Management Guidebook – Aug 06
Updated: 8/5/2021
What are the components of COSO framework?
The five components of COSO – control environment, risk assessment, information and communication, monitoring activities, and existing control activities – are often referred to by the acronym C.R.I.M.E.
What is COSO enterprise risk management Framework?
The COSO Framework is a system used to establish internal controls to be integrated into business processes. Collectively, these controls provide reasonable assurance that the organization is operating ethically, transparently and in accordance with established industry standards.
How many components the COSO ERM framework has?
COSO's ERM-Integrated Framework consists of the eight components: 1. Internal Environment- Management sets a philosophy regarding risk and establishes a risk appetite.