COSO ERM Executive Summary
Core Premise
Balances risk and opportunity to enhance value.
Optimizes growth, returns, and resource deployment.
Exists to provide value to stakeholders.
Key Benefits
Enhances risk response decisions (avoidance, reduction, sharing, acceptance).
Reduces operational surprises and losses.
Manages multiple and cross-enterprise risks.
Facilitates seizing opportunities.
Aligns risk appetite and strategy.
Improves capital allocation.
Definition of ERM
Applies across all levels of the organization.
Provides reasonable assurance for achieving objectives.
A process affecting strategy and operations.
Objectives of ERM
Operations: Effective and efficient resource use.
Reporting: Reliable reporting.
Strategic: High-level goals aligned with the mission.
Compliance: Adherence to laws and regulations.
8 Components of ERM
Event Identification: Differentiates risks (negative) and opportunities (positive).
Risk Assessment: Analyzes likelihood and impact (inherent and residual).
Objective Setting: Aligns objectives with mission and risk appetite.
Risk Response: Selects strategies (avoid, accept, reduce, share).
Internal Environment: Sets the organization’s risk tone (values, philosophy, appetite).
Control Activities: Implements policies and procedures.
Information & Communication: Ensures timely, relevant communication.
Monitoring: Tracks ERM effectiveness (ongoing or through evaluations).
Limitations of ERM
Costs vs. benefits of controls.
Risks of collusion or management override.
Subject to human judgment and errors.
Roles in ERM
Managers: Promote compliance and manage specific risks.
Board of Directors: Oversight and risk appetite alignment.
CEO: Ultimate responsibility.
Others: Internal auditors, financial officers, and external parties provide support or information but do not bear direct responsibility.
Relationship with Internal Control
ERM builds on the Internal Control – Integrated Framework.
Internal control remains a critical subset of ERM.