COSO Enterprise Risk Management Framework Flashcards
What areas does COSO’s framework on Enterprise Risk Management focus on?
Providing a frame of reference for an organization in establishing a sound process for risk management that allows the organization to:
1) xxxx
2) Achieve effective and efficient operations
3) Avoid negative publicity that would have an adverse effect on the company’s reputation
Components of COSO’s Enterprise Risk Management framework
IS EAR AIM
Internal Environment (foundation for all ERM components)
Objective Setting (SORC = Strategic, Operational, Reporting, and Compliance = types of ERM objectives)
Event identification - Is the event a risk or opportunity to achieving the company’s objectives?
Risk Assessment - assess those events identified as potential risks by determining how they would affect the company.
Risk Response - weigh the costs and benefits of responding to the risk. Type of response can be accept, share, reduce, or avoid the risk. Need to align the risk response with the company’s risk appetite.
Control Activities - do the activities align with the company’s response to risks identified? Are the activities conducive to meeting the company’s objectives?
Information and communication - should relay information to all levels of the company to ensure that efforts are aligned with the company’s objectives, risk appetite, and internal environment (act with integrity and ethically)
Monitoring
What can internal auditors do and not do when it comes to a company’s internal controls and risk management process?
Assess the effectiveness of internal controls and the risk management process.
Cannot ever implement controls or processes. Must be independent in order to make assessments.
Must have access to the audit committee.