POSSIBILITY THAT AN EVENT WILL OCCUR AND ADVERSELY AFFECT THE ACHIEVEMENT OBJECTIVES
THREAT
RISK
THE POSSIBILITY THAT AN EVENT WILL OCCUR AND POSITIVELY AFFECT THE ACHIEVEMENT OF OBJECTIVES
POSITIVE
OPPORTUNITY
WHAT ARE THE 4 FUNDAMENTAL RISKS
- RISK BEGINS WITH STRATEGY SETTING AND OBJECTIVE SETTING (NO OBJECTIVES - NO RISK)
- RISK ISN’T A SINGLE POINT ESTIMATE, IT’S A RANGE OF OUTCOMES
- RISK MAY BE PREVENTING BAD THINGS FROM HAPPENING OR FAILING TO ENSURE GOOD THINGS HAPPEN
- RISKS ARE INHERENT - WHEN THERE ARE UNCERTAINTIES, THERE ARE RISKS
9 FUNDAMENTAL ASPECTS OF ERM ACCORDING TO COSO
- PROCESS IS ONGOING AND FLOWS THROUGHOUT THE ORG
- EFFECTED BY PEOPLE AT EVERY LEVEL
- APPLIED WHEN SETTING STRAT
- APPLIED ACROSS THE ORG AT EVERY LEVEL
- FOCUS ON TAKING ENTRY LEVEL PORTFOLIO VIEW OF RISK
- DESIGNED TO IDENTIFY POTENTIAL EVENTS THAT, IF THEY OCCUR, CAN AFFECT THE ORG
- ENABLE MGMT OF RISK WITHIN AN ORG’S RISK APPETITE
- PROVIDES ASSURANCE TO ORG’S MGMT AND BOD
- GEARED TOWARD ACHIEVEMENT OF OBJECTIVE IN ONE OR MORE SEPARATE BUT OVERLAPPING CATEOGIRES
4 TYPES OF COSO ERM OBJECTIVES
- STRATEGIC
- OPERATIONS
- REPORTING
- COMPLIANCE
8 COMPONENTS OF ERM
- INTERNAL ENVIRONMENT
- OBJECTIVE SETTING
- EVENT IDENTIFICATION
- RISK ASSESSMENT
- RISK RESPONSE
- CONTROL ACTIVITIES
- INFORMATION AND COMMUNICATION
- MONITORING
HIGH LEVEL GOALS THAT ARE ALIGNED WITH AND SUPPORT THE ORG’S MISSION
STRATEGIC OBJECTIVES
BROAD GOALS PROMOTING EFFECTIVE AND EFFICIENT USE OF RESOURCES
OPERATIONS OBECTIVES
GOALS FOCUSING ON THE RELIABILITY OF REPORTING
REPORTING OBJECTIVES
GOALS ENFORCING COMPLIANCE WITH APPLICABLE LAWS AND REGULATIONS
COMPLIANCE OBJECTIVES
COSO COMPONENT THAT ENCOMPASSES THE TONE OF AN ORG AND SETS THE BASIS FOR HOW RISK AND CONTROL ARE VIEWED AND ADDRESS BY ENTITY’S PEOPLE
INTERNAL ENVIRONMENT
COSO COMPONENT THAT ESTABLISHES A BASIS FOR OPERATIONS, REPORTING, AND COMPLIANCE OBJECTIVES
OBJECTIVE SETTING
COSO EXTERNAL RISK FACTORS IN EVENT ID
ECONOMIC EVENTS, NATURAL EVENTS, POLITICAL EVENTS, SOCIAL EVENTS, AND TECH EVENTS
COSO INTERNAL RISK FACTORS IN EVENT ID
INFRASTRUCTURE FACTORS, PERSONNEL FACTORS, PROCESS FACTORS, TECH FACTORS
WHAT IS THE RISK FORMULA
INHERENT RISK - MGMT MITIGATION = RESIDUAL RISK
RESIDUAL RISK SHOULD BE WITHIN THE RISK APPETITE
4 COSO RISK RESPONSES
- AVOIDANCE
- REDUCTION
- SHARING
- ACCEPTANCE
EXITING OR DIVESTING OF THE ACTIVITIES GIVING RISE TO RISK
AVOIDANCE
ACTION TAKEN TO REDUCE RISK LIKELIHOOD OR IMPACT
REDUCTION
REDUCING RISK BY TRANSFERRING OR OTHERWISE SHARING A PORTION OF THE RISK
SHARING
INSURANCE
NO ACTION IS TAKE TO AFFECT RISK LIKELIHOOD OR IMPACT
ACCEPTANCE
6 COSO CONTROL ACTIVITES
- TOP LEVEL REVIEWS
- DIRECT FUNCTIONAL OR ACTIVITY MGMT
- INFO PROCESSING CONTROLS
- PHYSICAL CONTROLS
- PERFORMANCE INDICATORS
- SEGREGATION OF DUTIES
CONTROL TYPICALLY EXECUTED AT THE ENTITY LEVEL, SUCH AS PERFORMANCE AGAINST BUDGET, UPDATED FCST, MONITORING OF COMPETITOR ACTIONS, OR COST CONTAINMENT INITIATIVES
TOP-LEVEL REVIEWS
CONTROLS EXECUTED BY MANAGERS RUNNING SPECIFIC FUNCTIONS OR ACTIVITIES
DIRECT FUNCTIONAL OR ACTIVITY MGMT
WHAT ARE ONGOING MONITORING ACTIVITIES
OCCUR IN THE NORMAL COURSE OF DAY-TO-DAY MGMT ACTIVITIES
