The COSO ERM
The COSO ERM focuses on the strategic alignment of the firm’s mission with its risk
appetite. It provides the basis for developing risk-based internal control systems and
stresses the importance of considering risk both in the strategy-setting process (a focus
of both management and external auditors) and in driving performance.
ERM is defined as “the culture, capabilities, and practices that organizations integrate with
strategy-setting and apply when they carry out that strategy, with a purpose of managing
risk in creating, preserving, and realizing value.”
2. Risk Assessment: Risk assessment involves a dynamic and iterative process for
identifying and assessing risks to the achievement of objectives. Risks to the
achievement of these objectives from across the entity are considered relative to
established risk tolerances. A precondition to risk assessment is the establishment of
objectives, linked at different levels of the entity. Management also considers the
suitability of the objectives for the entity. Risk assessment also requires management to
consider the impact of possible changes in the external environment and within its own
business model that may render internal control ineffective.
Risk assessment involves a dynamic process for identifying and analyzing a firm’s
risks from external and internal environments. Risk assessment allows a firm to
understand the extent to which potential events might affect corporate objectives. Risks
are analyzed after considering the likelihood of occurrence and the potential loss. The
analysis serves as a basis for determining how the risks should be managed. This
component will be discussed later in the chapter.
3. Control Activities: Control activities are the actions established through policies
and procedures that help ensure that management’s directives to mitigate risks to the
achievement of objectives are carried out. Control activities are performed at all levels