Risk Assessment for Mid-Sized Organisations: COSO Tools for a Tailored Approach, 2nd Edition
Companies often struggle with the concept of enterprise risk management (ERM). The heart of ERM is the risk assessment process that has evolved from the COSO framework. This resource offers practical examples and explanations that lay out a clearly defined framework for approaching enterprise risk management from start to finish. It identifies risk at the entity level in small and medium-sized enterprises, and allows you to develop a tailored approach to an organization’s risk management requirements.
The publication features tightly written strategies and helpful diagrams that translate COSO guidelines into tactical plans, and it includes a free download containing:
- A set of Excel worksheets that show how following the ERM tactics will impact quantitative financial measurements
- A PowerPoint presentation for training staff who are involved in the ERM process
Together, this approach will allow you to create a solid structure for a risk management process that helps you avoid the internal and external risks that damaged so many organizations in the recent past. You will be able to:
- Create a common language to define, identify, evaluate, and manage risk
- Establish and agree on risk tolerances and risk appetite
- Identify risk management expectations, current gaps, and risk owners
- Leverage cross-functional expertise to manage risk to within acceptable levels
Chapter 4: Risk Management
Risk management response concepts are simple when you understand that you are limited to only four options:
- Internal controls
- Risk avoidance strategies
- Risk transfer (risk sharing) strategies
- Risk acceptance
In our experience conducting risk assessment workshops, when participants evaluating a given risk area are asked to consider how it is managed, the number one response is that the risk area is managed using internal controls. Because internal controls can be evaluated and tested in terms of design and operating effectiveness, the concept of control maturity can be incorporated into the risk assessment workshop using a control maturity model (CMM) (see the section on Control Maturity in this chapter).
In selecting risk management responses, a company defaults to risk acceptance when all other risk management strategies are exhausted or no other risk management strategy is employed. Enterprise risk management guides a company to ensure that risk acceptance aligns with management’s risk tolerance, risk appetite or both.