COSO: ERM
Components of Enterprise Risk Management
Risk Response
Control Activities
Risk Assessment
Information and Communication
Event Identification
Monitoring
Objective Setting
Internal Environment
Use of This Report
Other entity personnel
Regulators
Senior Management
Other professional organisations
Board of Directors
Educators
ERM: ENTERPRISE RISK MANAGEMENT: Integrated Framework
COSO: Committee of Sponsoring Organizations of the Treadway Commission.
COSO issued Internal Control – Integrated Framework
Help businesses and other entities assess and enhance their internal control system
Enterprise risk management encompasses
Reducing operational surprise and losses
Identifying & managing multiple & cross-enterprise risks
Enhancing risk response decisions
Seizing opportunities
Aligning risk appetite & strategy
Improving deployment of capital
Events - Risk & Opportunities
Enterprise risk management defined:
Applied in strategy setting
Applied across the enterprise, at every level and unit, and includes taking an entity-level portfolio view of risk
Effected by people at every level of an organization
Designed to identify potential events that, if they occur, will affect the entity and to manage risk within its risk appetite
A process, ongoing and flowing through an entity
Able to provide reasonable assurance to an entity’s management and board of directors
Geared to achievement of objectives in one or more separate but overlapping categories
Achievement of these objectives
Operations – effective and efficient use of its resources
Reporting – reliability of reporting
Strategic – high-level goals, aligned with and supporting its mission
Compliance – compliance with applicable laws and regulations.
Relationship of Objectives and Components
Compliance
Reporting
Operations
Strategic
Encompasses Internal Control
Internal Control – Integrated Framework.
Roles and Responsibilities
Everyone in an entity has some responsibility for enterprise risk management
Effectiveness
Limitations