COSO Enterprise Risk Management Framework

COSO Enterprise Risk Management - Integrated Framework promises to do for ERM what the COSO internal control framework did for internal control. That is, it promises to standardize a proven method for effectively identifying, assessing, and managing risk. The ERM framework incorporates many of the elements of the COSO internal control framework, but does not replace it or supersede it.

Volume One of the ERM framework includes an Executive Summary, the ERM framework itself, and seven appendices. Topics covered include:

• a definition of enterprise risk management;
• objective setting;
• event identification;
• risk assessment;
• risk response;
• control activities;
• information and communication;
• monitoring;
• roles and responsibilities;
• the limitations of ERM;
• a summary of key principles; and
• the relationship between the COSO ERM and COSO internal control frameworks.

Volume Two provides detailed techniques for applying the ERM framework. It includes practical illustrations of techniques that can be used at various levels of an organization. Checklists, graphs, charts, questionnaires, and other tools are provided.