Chapter 4

COSO ERM Framework

Chapters 1 and 2 discussed some of the developments that have led to the Committee of Sponsoring Organizations Enterprise Risk Management framework (COSO ERM) as well as the related COSO internal controls framework. In addition, Chapter 3 introduced some classic risk management and measurement techniques that have been used by risk management professionals in many areas of operations, such as credit management, information technology (IT) systems, development projects, and business continuity planning. This chapter will take these risk management concepts and tie them to the key elements of the COSO ERM framework model. Described as a three-dimensional model, COSO ERM looks very similar to the better known COSO internal controls framework discussed in Chapter 1, the recognized standard for assessing internal controls. The COSO ERM framework, introduced in this chapter, will help all levels of managers to better understand and assess risks from a total enterprise perspective rather than just by individual areas and concerns.

ERM Definitions and Objectives: A Portfolio View of Risk

Every enterprise, whether for-profit commercial, not-for-profit, or a governmental agency, exists to provide value for its stakeholders; these include the employees and stockholders for a commercial enterprise or voters for a governmental entity. That stakeholder value is created, preserved, or even can be eroded through management decisions at all levels of the enterprise ...

Get COSO Enterprise Risk Management: Establishing Effective Governance, Risk, and Compliance (GRC) Processes, 2nd Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.