Enterprise Risk Management (ERM)

ERM frameworks

Two important ERM frameworks are COSO and RIMS. Each describes an approach for identifying, analyzing, responding to, and monitoring risks or opportunities within the internal and external environment facing the enterprise. For each risk identified and analyzed, management selects a risk response strategy, which may include:

  • Avoidance: exiting the activities that give rise to the risk
  • Reduction: taking action to reduce the likelihood or impact of the risk
  • Share or insure: transferring or sharing a portion of the risk in order to reduce it
  • Accept: taking no action, based on a cost/benefit decision

Monitoring is typically performed by management as part of its internal control activities, such as reviewing analytical reports or holding management committee meetings with relevant experts, to understand how the risk response strategy is working and whether the objectives are being achieved.

COSO ERM framework

The COSO "Enterprise Risk Management-Integrated Framework" published in 2004 defines ERM as: "A process, effected by an entity's board of directors, management, and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives."

The COSO ERM Framework has eight components and four categories of objectives. It is an expansion of the COSO Internal Control-Integrated Framework published in 1992 and amended in 1994. The eight components (with the components added beyond the 1992 framework originally highlighted) are:

  • Internal Environment
  • Objective Setting
  • Event Identification
  • Risk Assessment
  • Risk Response
  • Control Activities
  • Information and Communication
  • Monitoring

The four categories of objectives (with the categories added beyond the 1992 framework originally highlighted) are:

  • Strategy - high-level goals, aligned with and supporting the organization's mission
  • Operations - effective and efficient use of resources
  • Financial Reporting - reliability of operational and financial reporting
  • Compliance - compliance with applicable laws and regulations