Flashcards in COSO Enterprise Risk Management Framework Deck (3):
What areas does COSO's framework on Enterprise Risk Management focus on?
Providing a frame of reference for an organization in establishing a sound process for risk management that allows the organization to:
2) Effective and efficient operations
3) Avoid negative publicity that would have an adverse effect on the company's reputation
Components of COSO's Enterprise Risk Management framework
IS EAR AIM
Internal Environment (foundation for all ERM components)
Objective Setting (SORC = Strategic, Operational, Reporting, and Compliance = types of ERM objectives)
Event Identification - Is the event a risk or an opportunity with respect to achieving the company's objectives?
Risk Assessment - assess those events identified as potential risks by determining how they would affect the company.
Risk Response - weigh the costs and benefits of responding to the risk. The type of response can be to accept, share, reduce, or avoid the risk. The risk response needs to align with the company's risk appetite.
Control Activities - do the activities align with the company's response to risks identified? Are the activities conducive to meeting the company's objectives?
Information and Communication - should relay information to all levels of the company to ensure that efforts are aligned with the company's objectives, risk appetite, and internal environment (act with integrity and ethically).