Enterprise Risk Management

Enterprise Risk Management (ERM) is a risk-based approach to managing an enterprise, integrating concepts of strategic planning, operations management, and internal control. ERM is evolving to address the needs of various stakeholders, who want to understand the broad spectrum of risks facing complex organizations to ensure they are appropriately managed. Regulators and debt rating agencies have increased their scrutiny of companies' risk management processes.

In business, ERM includes the methods and processes used by organizations to manage risks related to the achievement of their objectives.

ERM provides a framework for risk management, which typically involves identifying particular events or circumstances relevant to the organization's objectives (risks and opportunities), assessing them in terms of likelihood and magnitude of impact, determining a response strategy, and monitoring progress. By identifying and proactively addressing risks and opportunities, business enterprises protect and create value for their stakeholders, including owners, employees, customers, regulators, and society overall.

About this workshop

The COSO ERM Framework has eight components and four objectives categories. It is an expansion of the COSO Internal Control-Integrated Framework.

The eight components are:

  • Internal Environment
  • Objective Setting
  • Event Identification
  • Risk Assessment
  • Risk Response
  • Control Activities
  • Information and Communication
  • Monitoring

The four objectives categories are:

  • Strategy - high-level goals, aligned with and supporting the organization's mission
  • Operations - effective and efficient use of resources
  • Financial Reporting - reliability of operational and financial reporting
  • Compliance - compliance with applicable laws and regulations

This workshop is ideal for those beginning the enterprise risk management process, as well as ERM implementation team leaders and members, and auditors at all levels who are interested in or contemplating implementation of ERM.


On attending this workshop, participants will get a better understanding of:

  • Enterprise Risk Management (ERM)
  • Risk assessment to cover all significant internal and external business risks
  • How to benchmark risk management tools and practices
  • New COSO ERM Framework
  • Current issues, challenges, and emerging practices regarding risk management, control, and governance processes

Who should attend

This workshop is meant for professionals responsible for Enterprise Risk Management in any organization:

  • CEO / CFO / CIO / CTO / CISO
  • Finance Manager / Finance Controller
  • IS / IT Specialist / Analyst / Manager
  • IS / IT Auditor / Consultant
  • IS / IT Head / Director
  • IT Operations Manager / Head / Director
  • IT Compliance Manager / Head / Director
  • Process Associate / Consultant / Manager
  • Quality Assurance Professional
  • Risk & Compliance Professional
  • Business Analyst
  • IT Service Provider / Management Professional
  • Internal & External Audit Management team
  • Sarbanes-Oxley Implementation team
  • COBIT Implementation team
  • Key Business User

Anyone aspiring to understand Enterprise Risk Management would benefit from this workshop. There are no prerequisites for participating in this ERM workshop. However, this workshop is restricted to participants who have some exposure to process, controls and risk management.

Course Outline

  • Introduction to Risk and Control
  • Control Models (COSO and CoCo)
  • Using COSO to Evaluate Internal Control
  • Understanding Control Self-Assessment
  • Control Self-Assessment Basics
  • Effective Methods for Identifying Risks
  • Examining, Evaluating, and Reporting on Management’s ERM Processes
  • Measuring Business Risk - Quantitatively and Qualitatively
  • The Internal Audit Role in Enterprise Risk Management
  • Using Internal Control Concepts to Improve Assessments of Internal Control