Get fully updated, step-by-step guidance for implementation of COSO's Enterprise Risk Management

Companies today are expected to manage a variety of risks that would have been unthinkable a decade ago. Discussing the latest trends and pronouncements that have affected COSO ERM (Committee of Sponsoring Organizations Enterprise Risk Management) and your company’s ERM program, COSO Enterprise Risk Management, Second Edition enables organizations of all types and sizes to understand and better manage their risk environments and make better decisions through use of the COSO ERM framework.

Table of Contents

Chapter 1: Introduction: Enterprise Risk Management Today 1
The COSO Internal Controls Framework: How Did We Get Here? 2
The COSO Internal Controls Framework 3
COSO Internal Controls: The Principal Recognized Internal Controls Standard 14
An Introduction to COSO ERM 14
Governance, Risk, and Compliance 15
Global Computer Products: Our Example Company 16
Chapter 2: Importance of Governance, Risk, and Compliance Principles 21
Road to Effective GRC Principles 22
Importance of GRC Governance 23
Risk Management Component of GRC 25
GRC and Enterprise Compliance 26
Importance of Effective GRC Practices and Principles 28
Chapter 3: Risk Management Fundamentals 31
Fundamentals: Risk Management Phases 32
Other Risk Assessment Techniques 45
Chapter 4: COSO ERM Framework 51
ERM Definitions and Objectives: A Portfolio View of Risk 51
COSO ERM Framework Model 55
Other Dimensions of the ERM Framework 86
Chapter 5: Implementing ERM in the Enterprise 89
Roles and Responsibilities of an Enterprise Risk Management Function 90
Risk Management Policies, Standards, and Strategies 100
Business, IT, and Risk Transfer Processes 105
Risk Management Reviews and Corrective Action Practices 108
ERM Communications Approaches 112
CRO and an Effective Enterprise Risk Management Function 113
Chapter 6: Importance of Strong Enterprise Governance Practices 115
History and Background of Enterprise Governance: A U.S. Perspective 116
Enterprise Integrity and Ethical Behavior 119
Disclosure and Transparency 125
Rights and Equitable Treatment of Shareholders and Key Stakeholders 126
Governance Role and Responsibilities of the Board 128
Governance as a Key Element of GRC 128
Chapter 7: Enterprise Compliance Issues Today 131
Compliance Issues Today 132
Establish a Compliance Assessment Team 133
Compliance Risk Assessments and Compliance Program Reviews 136
Work Unit–Level Compliance Tracking and Review Processes 138
Compliance-Related Procedures and Staff Education Programs 141
Enterprise Hotline Compliance and Whistleblower Support 142
Assessing the Overall Enterprise Compliance Program 144
Chapter 8: Integrating ERM with COSO Internal Controls 147
COSO Internal Controls Background and Earlier Legislation 147
Efforts Leading to the Treadway Commission 151
COSO Internal Controls Framework 156
COSO Internal Controls and COSO ERM: Compared 174
Chapter 9: Sarbanes-Oxley and Enterprise Risk Management Concerns 177
Sarbanes-Oxley Act Background 177
SOx Legislation Overview 179
Enterprise Risk Management and SOx Section 404 Reviews 193
Internal Controls Reporting and Materiality 198
PCAOB Risk-Based Auditing Standards 199
Sarbanes-Oxley: The Other Sections 200
SOx and COSO ERM 201
Chapter 10: Corporate Culture and Risk Portfolio Management 203
Whistleblower and Hotline Functions 204
Risk Portfolio Management 208
Integrated Enterprise-Wide Risk Management 211
Chapter 11: OCEG Capability Model GRC Standards 215
GRC Capability Model ‘‘Red Book’’ 215
Other OCEG Materials: The ‘‘Burgundy Book’’ 223
Level and Scope of the OCEG Standards-Setting Authority 224
Chapter 12: Importance of GRC Principles in the Board Room 225
Board Decisions and Risk Management 226
Board Organization and Governance Rules 230
Corporate Charters and the Board Committee Structure 231
Audit Committees and Managing Risks 235
Establishing a Board-Level Risk Committee 238
Audit and Risk Committee Coordination 244
COSO ERM and Corporate Governance 245
Chapter 13: Role of Internal Audit in Enterprise Risk Management 247
Internal Audit Standards for Evaluating Risk 248
COSO ERM for More Effective Internal Audit Planning 251
Risk-Based Internal Audit Findings and Recommendations 264
COSO ERM and Internal Audit 265
Chapter 14: Understanding Project Management Risks 267
Project Management Process 268
PMBOK1 Guide: A Guide to the Project Management Book of Knowledge 269
PMBOK1 Guide’s Project Manager Risk Management Approach 272
Project-Related Risks: What Can Go Wrong 282
Implmenting ERM for Project Managers 285
Chapter 15: Information Technology and Enterprise
Risk Management 291
.......