Flashcards in COSO ERM Model for IC Deck (13):
Like the original COSO framework, the ERM model shares a focus on
The what, where, and why of controls
COSO ERM adds 3 control components to the "what" dimension:
1. Objective Setting
2. Event identification
3. Risk response
Define risk response according to COSO ERM:
Management's response to risk. Depending on management's appetite for risk, observed risks may be avoided, reduced, shared, or accepted.
COSO ERM adds an additional IC organizational objective:
Strategic. (Others: Operations, Reporting, Compliance)
Define Enterprise Risk Management
The methods and processes used by organizations to identify and manage the events and circumstances that influence the organization's ability to achieve objectives.
According to COSO, what 4 activities should be segregated?
4. Reconciling, oversight, and auditing
Define "risk appetite"
The amount of risk exposure, or potential adverse impact from an event, that an organization chooses to accept or retain, as opposed to sharing, avoiding, reducing, or eliminating the risk.
Define "cross-enterprise risk"
A risk that occurs in multiple units in an organization.
Define "tone at the top"
The extent to which top management is ethical and proactive in establishing an ethical and moral tone and culture.
Define "change agents"
They promote and facilitate change related to the system of I/C. They act as catalysts; they meet with system stakeholders and coordinate resources to ensure that changes are understood and embraced by those stakeholders.
Critical elements in managing change in the system of I/C:
1. Change agents
2. Impediments to system user and designer communication
3. Management commitment and support
According to COSO ERM, the goals of risk management include: (6)
1. Aligning risk appetite and strategy
2. Improving risk responses
3. Reducing operational surprises and losses
4. Identifying and managing multiple and cross-enterprise risks
5. Seizing opportunities
6. Improving capital deployment