COSO ENTERPRISE RISK MANAGEMENT - Coggle Diagram
Enterprise risk management
Aligning risk appetite and strategy
Enhancing risk response decisions
Reducing operational surprises and losses
Identifying and managing multiple and cross-enterprise risks
Seizing opportunities
Improving deployment of capital
Uncertainty
All entities face uncertainty.
The challenge for management is to determine how much uncertainty to accept as it strives to grow stakeholder value.
Uncertainty presents both risk and opportunity.
Events – Risks and Opportunities
Events can have:
• Negative impact – risks
• Positive impact – opportunities
• Both
Definition: Enterprise Risk Management
• A process, ongoing and flowing through an entity
• Effected by people at every level of an organization
• Applied in strategy setting
• Applied across the enterprise, at every level and unit, and includes taking an entity level portfolio view of risk
• Designed to identify potential events that, if they occur, will affect the entity and to manage risk within its risk appetite
• Able to provide reasonable assurance to an entity’s management and board of directors
• Geared to achievement of objectives in one or more separate but overlapping categories
Achievement of Objectives
• Strategic – high-level goals, aligned with and supporting its mission
• Operations – effective and efficient use of its resources
• Reporting – reliability of reporting
• Compliance – compliance with applicable laws and regulations.
• Safeguarding of resources – identified as a separate category by some entities
Achievement of strategic objectives and operations objectives is subject to external events not always within the entity’s control.
Components of Enterprise Risk Management
Internal Environment
Objective Setting
Event Identification
Risk Assessment
Risk Response
Control Activities
Information and Communication
Monitoring
Relationship of Objectives and Components
There is a direct relationship between objectives and enterprise risk management components.
The relationship is depicted in a three-dimensional matrix.
Vertical columns: four objectives
strategic
operations
reporting
compliance
Third dimension: the entity's units
BUSINESS UNIT
SUBSIDIARY
DIVISION
ENTITY-LEVEL
Horizontal rows: eight components of ERM
Internal Environment
Objective Setting
Event Identification
Risk Assessment
Risk Response
Control Activities
Information & Communication
Monitoring
EFFECTIVENESS
The components of ERM are the criteria for effective enterprise risk management.
The eight components of ERM will not function identically in every entity.
Determining whether an entity’s enterprise risk management is “effective” is a judgment resulting from an assessment of whether the eight components are present and functioning effectively.
Limitations
In reality, human judgment in decision making can be faulty.
Decisions on responding to risk and establishing controls need to consider the relative costs and benefits.
Breakdowns can occur because of human failures such as simple errors or mistakes.
Controls can be circumvented by collusion of two or more people.
Management has the ability to override enterprise risk management decisions.
Encompasses Internal Control
Internal control is an integral part of enterprise risk management.
Roles and Responsibilities
Everyone in an entity has some responsibility for enterprise risk management.