COSO ERM - Coggle Diagram
COSO ERM
Components of Enterprise Risk Management
Internal Environment
Objective Setting
Event Identification
Risk Assessment
Risk Response
Control Activities
Information and Communication
Monitoring
Achievement of Objectives
• Strategic – high-level goals, aligned with and supporting its mission
• Operations – effective and efficient use of its resources
• Reporting – reliability of reporting
• Compliance – compliance with applicable laws and regulations
Enterprise Risk Management Defined
Enterprise risk management is a process, effected by an entity’s board of directors,
management and other personnel applied in strategy setting and across the
enterprise, designed to identify potential events that may affect the entity, and manage
risk to be within its risk appetite to provide reasonable assurance regarding the
achievement of entity objectives.
Enterprise risk management is
• A process, ongoing and flowing through an entity
• Effected by people at every level of an organization
• Applied in strategy setting
• Applied across the enterprise, at every level and unit, and includes taking an entity-level portfolio view of risk
• Designed to identify potential events that, if they occur, will affect the entity and to manage risk within its appetite
• Able to provide reasonable assurance to an entity’s management and board of directors
• Geared to achievement of objectives in one or more separate but overlapping categories
Events – Risks and Opportunities
Events can have a negative impact, a positive impact, or both. Events with a negative impact
represent risks, which can prevent value creation or erode existing value.
Relationship of Objectives and Components
The four objectives categories – strategic, operations, reporting, and compliance