Definitions and Features of Enterprise Risk Management Flashcards
What is the COSO definition of Enterprise Risk Management?
ERM is a process, effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, manage risk to be within its risk appetite, and provide reasonable assurance regarding the achievement of the entity's objectives.
What is the IIA definition of Enterprise Risk Management?
A rigorous and coordinated approach to assessing and responding to all risks that affect the achievement of an organisation's strategic and financial objectives.
What are the 3 features of ERM that the COSO definition touches on?
- Top-down approach (effected by the board and management).
- Process for identifying potential events that threaten the business.
- Understanding and articulation of the business's risk appetite and tolerance.
How many features of ERM are there?
10
What are the features of ERM?
- Encompasses all areas of exposure.
- Takes an integrated portfolio view of risk rather than a silo view.
- Evaluates the internal and external context.
- Recognises that risk exposures are interrelated.
- Uses a structured process, qualitative or quantitative.
- Seeks to embed risk management in decision making.
- Helps identify risks to strategy.
- Communicates risk issues.
- Supports the activities of internal audit.
- Sees risk management as a source of competitive advantage.
What are the differences between traditional risk management and ERM?