In business, ERM includes the methods and processes used by organizations to manage risks related to the achievement of their objectives.
ERM provides a framework for risk management, which typically involves identifying particular events or circumstances relevant to the organization's objectives (risks and opportunities), assessing them in terms of likelihood and magnitude of impact, determining a response strategy, and monitoring progress. By identifying and proactively addressing risks and opportunities, business enterprises protect and create value for their stakeholders, including owners, employees, customers, regulators, and society overall.
ERM is a risk-based approach to managing an enterprise, integrating concepts of strategic planning, operations management, and internal control. ERM is evolving to address the needs of various stakeholders, who want to understand the broad spectrum of risks facing complex organizations to ensure they are appropriately managed. Regulators and debt rating agencies have increased their scrutiny on the risk management processes of companies.
About this workshop
The COSO "Enterprise Risk Management-Integrated Framework" defines ERM as: "A process, effected by an entity's board of directors, management, and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives."
The COSO ERM Framework has eight components and four objectives categories. It is an expansion of the COSO Internal Control-Integrated Framework.
The eight components are:
- Internal Environment
- Objective Setting
- Event Identification
- Risk Assessment
- Risk Response
- Control Activities
- Information and Communication
- Monitoring
The four objectives categories are:
- Strategy - high-level goals, aligned with and supporting the organization's mission
- Operations - effective and efficient use of resources
- Financial Reporting - reliability of operational and financial reporting
- Compliance - compliance with applicable laws and regulations
This workshop is ideal for those beginning the enterprise risk management process, as well as ERM implementation team leaders and members, and auditors at all levels who are interested in or contemplating implementation of ERM.
Benefits
On attending this workshop, participants will get a better understanding of
- Enterprise Risk Management (ERM)
- Risk assessment to cover all significant internal and external business risks.
- How to benchmark risk management tools and practices.
- New COSO ERM Framework.
- Current issues, challenges, and emerging practices regarding risk management, control, and governance processes.
Who should attend
The participants could be responsible for Risk Assessment & Management in any of the following positions within their organization:
- CEO / CFO / CIO / CTO / CISO
- Finance Manager/ Finance Controller
- Financial Process Consultants
- Information Security Managers / Officers
- System Administrators
- IT Support Staff
- IT Consultants
- IT Developers
- IT Management
- Process Consultants
- Process Managers
- Quality Assurance Professionals
- Risk & Compliance Professionals
- IT Service Providers
- IT Service Management Professionals
- Internal & External Audit Management teams
- Sarbanes-Oxley Implementation teams
- COBIT Implementation teams
- IT Auditors
- Key Business Users
Course Outline
- Introduction to Risk and Control
- Control Models (COSO and CoCo): What Every Internal Auditor Needs to Know
- Using COSO to Evaluate Internal Control
- Understanding Control Self-Assessment
- Control Self-Assessment Basics
- Effective Methods for Identifying Risks
- Examining, Evaluating, and Reporting on Management’s ERM Processes
- Measuring Business Risk - Quantitatively and Qualitatively
- The Internal Audit Role in Enterprise Risk Management
- Using Internal Control Concepts to Improve Assessments of Internal Control
|
