COSO ERM Framework

Question 1

COSO ERM Framework is called

Answer 1

Enterprise Risk Management—Integrating with Strategy and Performance

Question 2

The purpose of the COSO ERM Framework

Answer 2

The purpose of this framework is to help organisations accelerate growth and enhance performance by integrating ERM at every organisational level and applying the principles of the framework to everything from strategic decision making to performance management. It is applicable to all industries and all types of risk.

Question 3

The 5 components of the ERM framework

Answer 3

1. Governance and culture
2. Strategy and objective setting
3. Performance
4. Review and revision
5. Information, communication, and reporting

Question 4

COSO ERM component 1:
5 Principles of Governance and culture

Governance sets the organisation’s tone, reinforcing the
importance of, and establishing oversight responsibilities for, enterprise risk management.
Culture pertains to ethical values, desired behaviors, and understanding of risk in the entity

Answer 4

1. Exercises board risk oversight
2. Establishes operating structures - in the pursuit of business objectives
3. Defines desired culture - the desired behaviors
4. Demonstrates commitment to core values -
5. Attracts, develops, and retains capable individuals - in alignment with business objectives

Question 5

COSO ERM Component 2:
4 Principles of Strategy and objective setting

Enterprise risk management, strategy, and objective-setting work together in the strategic-planning process. A risk appetite is established and aligned with strategy; business objectives put strategy into practice while serving as a basis for identifying, assessing, and responding to risk.

Answer 5

6. Analyzes business context - considers potential effects of business context on risk profile
7. Defines risk appetite - in the context of creating, preserving, and realizing value.
8. Evaluates alternative strategies - and potential impact on risk profile.
9. Formulates business objectives - considers risk while establishing the business objectives at various levels that align and support strategy.

Question 6

COSO ERM Component 3:
5 Principles of Performance

Risks that may impact the achievement of strategy and business objectives need to be identified and assessed. Risks are prioritized by severity in the context of risk appetite. The organisation then selects risk responses and takes a portfolio view of the amount of risk it has assumed. The results of this process are reported to key risk stakeholders.

Answer 6

10. Identifies risk - that impacts the performance of strategy and business objectives.
11. Assesses severity of risk
12. Prioritizes risks - as a basis for selecting risk responses.
13. Implements risk responses
14. Develops a portfolio view of risk

Question 7

COSO ERM Component 4:
3 Principles of Review and Revision

By reviewing entity performance, an organisation can consider how well the enterprise risk management components are functioning over time and in light of substantial changes, and what revisions are needed.

Answer 7

15. Assesses substantial change - that may substantially affect strategy and business objectives.
16. Reviews risk and performance
17. Pursues improvement in enterprise risk management

Question 8

COSO ERM Component 5:
3 Principles of Information, Communication, and Reporting

Enterprise risk management requires a continual process of obtaining and sharing necessary information, from both internal and external sources, which flows up, down, and across the organisation.

Answer 8

18. Leverages information and technology - technology systems support enterprise risk management.
19. Communicates risk information
20. Reports on risk, culture, and performance - at multiple levels