ERM - COSO Model

Question 1

Reporting

Answer 1

Reliability of reporting e.g. financial statements

Question 2

Operations

Answer 2

Effective and efficient use of resources at an operation level in a business

Question 3

Compliance

Answer 3

Compliance with applicable laws and regulations e.g. Health & safety

Question 4

Strategic

Answer 4

Support the achievement of high-level strategic goals, aligned with and supporting its mission

Question 5

Information & Communication

Answer 5

Relevant information is identified, captured and communicated in a manner than enables people to carry out their responsibilites

Question 6

Risk assessment

Answer 6

Risks are analysed and mapped out onto a risk map. This is done on both a gross and net basis.

Question 7

Control activities

Answer 7

Policies and procedures are established and implemented to help ensure the risk responses are carried out effectively

Question 8

Internal environement

Answer 8

Sets the tone of an organisation, and the basis for how risk is viewed and addressed. Also known as the “control environment”

Question 9

Monitoring

Answer 9

The entirety of enterprise risk management is monitored through ongoing management activities and separate evaluations

Question 10

Objective setting

Answer 10

Objectives are aligned with an entity’s mission and risk appetite must exist before management can identify the risks impacting their achievement

Question 11

Risk response

Answer 11

Management selects a risk response, developing a set of actions to align risks with the entity’s risk tolerances and risk appetite

Question 12

Event identification

Answer 12

Identifying internal and external events affecting achievement of an entity’s objective e.g. a competitor’s actions or staff error.