ebook img

Enterprise Risk Management - Integrated Framework PDF

246 Pages·2008·3.93 MB·English
by  
Save to my drive
Quick download
Download
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview Enterprise Risk Management - Integrated Framework

Enterprise Risk Management — Integrated Framework Executive Summary Framework September 2004 The Committee of Sponsoring Organizations of the Treadway Commission Copyright © 2004 by the Committee of Sponsoring Organizations of the Treadway Commission. 1 2 3 4 5 6 7 8 9 0 MPI 0 9 8 7 6 5 4 Additional copies of Enterprise Risk Management – Integrated Framework: Executive Summary and Framework and Enterprise Risk Management – Integrated Framework: Application Techniques, 2 vol. set, item # 990015 may be obtained by calling toll free 1- 888 -777-7077 or visiting www.cpa2biz.com. All rights reserved. For information about reprint permission and licensing please call (201) 938- 3245. A permissions request form for emailing requests is available at www.aicpa.org/cpyright.htm. Otherwise, requests should be submitted in writing and mailed to Permissions Editor, AICPA , Harborside Financial Center, 201 Plaza Three, Jersey City, NJ 07311-3881. Committee of Sponsoring Organizations of the Treadway Commission (COSO) Oversight Representative COSO Chair John J. Flaherty American Accounting Association Larry E. Rittenberg American Institute of Certified Public Accountants Alan W. Anderson Financial Executives International John P. Jessup Nicholas S. Cyprus Institute of Management Accountants Frank C. Minter Dennis L. Neider The Institute of Internal Auditors William G. Bishop, III David A. Richards Project Advisory Council to COSO Guidance Tony Maki, Chair James W. DeLoach John P. Jessup Partner Managing Director Vice President and Treasurer Moss Adams LLP Protiviti Inc. E. I. duPont de Nemours and Company Mark S. Beasley Andrew J. Jackson Tony M. Knapp Professor Senior Vice President of Senior Vice President and North Carolina State University Enterprise Risk Assurance Controller Services Motorola, Inc. American Express Company Jerry W. DeFoor Steven E. Jameson Douglas F. Prawitt Vice President and Controller Executive Vice President, Chief Professor Protective Life Corporation Internal Audit & Risk Officer Brigham Young University Community Trust Bancorp, Inc. PricewaterhouseCoopers LLP Author Principal Contributors Richard M. Steinberg Miles E.A. Everson Former Partner and Corporate Partner and Financial Services Governance Leader (Presently Finance, Operations, Risk and Steinberg Governance Compliance Leader Advisors) New York Frank J. Martens Lucy E. Nottingham Senior Manager, Client Manager, Internal Firm Services Services Vancouver, Canada Boston iii FOREWORD Over a decade ago, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) issued Internal Control – Integrated Framework to help businesses and other entities assess and enhance their internal control systems. That framework has since been incorporated into policy, rule, and regulation, and used by thousands of enterprises to better control their activities in moving toward achievement of their established objectives. Recent years have seen heightened concern and focus on risk management, and it became increasingly clear that a need exists for a robust framework to effectively identify, assess, and manage risk. In 2001, COSO initiated a project, and engaged PricewaterhouseCoopers, to develop a framework that would be readily usable by managements to evaluate and improve their organizations’ enterprise risk management. The period of the framework’s development was marked by a series of high-profile business scandals and failures where investors, company personnel, and other stakeholders suffered tremendous loss. In the aftermath were calls for enhanced corporate governance and risk management, with new law, regulation, and listing standards. The need for an enterprise risk management framework, providing key principles and concepts, a common language, and clear direction and guidance, became even more compelling. COSO believes this Enterprise Risk Management – Integrated Framework fills this need, and expects it will become widely accepted by companies and other organizations and indeed all stakeholders and interested parties. Among the outgrowths in the United States is the Sarbanes-Oxley Act of 2002, and similar legislation has been enacted or is being considered in other countries. This law extends the long-standing requirement for public companies to maintain systems of internal control, requiring management to certify and the independent auditor to attest to the effectiveness of those systems. Internal Control – Integrated Framework, which continues to stand the test of time, serves as the broadly accepted standard for satisfying those reporting requirements. This Enterprise Risk Management – Integrated Framework expands on internal control, providing a more robust and extensive focus on the broader subject of enterprise risk management. While it is not intended to and does not replace the internal control framework, but rather incorporates the internal control framework within it, companies may decide to look to this enterprise risk management framework both to satisfy their internal control needs and to move toward a fuller risk management process. Among the most critical challenges for managements is determining how much risk the entity is prepared to and does accept as it strives to create value. This report will better enable them to meet this challenge. John J. Flaherty Tony Maki Chair, COSO Chair, COSO Advisory Council v Table of Contents Executive Summary .................................................................................................................3 Framework ............................................................................................................................11 1. Definition .....................................................................................................................13 2. Internal Environment ...................................................................................................27 3. Objective Setting..........................................................................................................35 4. Event Identification......................................................................................................41 5. Risk Assessment ..........................................................................................................49 6. Risk Response ..............................................................................................................55 7. Control Activities .........................................................................................................61 8. Information and Communication .................................................................................67 9. Monitoring ...................................................................................................................75 10. Roles and Responsibilities ...........................................................................................83 11. Limitations of Enterprise Risk Management ...............................................................93 12. What to Do ...................................................................................................................97 Appendices A. Objectives and Methodology .......................................................................................99 B. Summary of Key Principles .......................................................................................101 C. Relationship Between Enterprise Risk Management – Integrated Framework and Internal Control – Integrated Framework .................................................................109 D. Selected Bibliography ................................................................................................113 E. Consideration of Comment Letters ............................................................................115 F. Glossary .....................................................................................................................121 G. Acknowledgments......................................................................................................125 vii Enterprise Risk Management — Integrated Framework Executive Summary September 2004

See more

The list of books you might like

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.