×

Publications

Risk Assessment for Mid-Sized Organisations: COSO Tools for a Tailored Approach, 2nd Edition

  • $39.00-$59.00
    Risk Assessment for Mid-Sized Organisations: COSO Tools for a Tailored Approach, 2nd Edition In Stock Product #: PCG1307P
    CGMA Holder: $39.00
    AICPA Member: $49.00
    Non-Member: $59.00
  • $29.00-$49.00
    Risk Assessment for Mid-Sized Organisations: COSO Tools for a Tailored Approach, 2nd Edition eBook Download Product #: PCG1307E
    CGMA Holder: $29.00
    AICPA Member: $39.00
    Non-Member: $49.00

Companies often struggle with the concept of enterprise risk management. The heart of ERM is the risk assessment process that has evolved from the COSO framework. This resource offers practical examples and explanations that lay out a clearly defined framework for approaching enterprise risk management from start to finish. It identifies risk at the entity level in small and medium size enterprises, and allows you to develop a tailored approach to an organization’s risk management requirements.

The publication features tightly written strategies and helpful diagrams that translate COSO guidelines into tactical plans and it includes a free download containing:

  • A set of Excel worksheets that show how following the ERM tactics will impact quantitative financial measurements
  • A PowerPoint presentation for training staff that are involved in the ERM process

Together this approach will allow you to create a solid structure for a risk management process that helps you avoid the internal and external risks that damaged so many organizations in the recent past. You will be able to:

  • Create a common language to define, identify, evaluate, and manage risk
  • Establish and agree on risk tolerances and risk appetite
  • Identify risk management expectations, current gaps, and risk owners
  • Leverage cross-functional expertise to manage risk to within acceptable levels
CGMA designation holders qualify for discounted pricing on this product. In order to receive your special pricing, you must be registered and signed in. View the complete list of development products available on CGMA.org.

If purchasing this title as an eBook, please note that it is intended for a single user. An eBook is a downloadable file that will be accessible immediately after completing your purchase. Access to the download link expires 180 days from the purchase date. Download the file before this time elapses. Before downloading your eBook, you must:

  • Download and activate Adobe Digital Editions® - a free program for accessing eBooks
  • Return to CPA2Biz.com and go to My Account > My Downloads
  • Click the eBook title to download and open automatically in Adobe Digital Editions

Note: To access your eBook on a smartphone, tablet or other reading device, see our FAQ. This product is refundable within 10 days of your purchase date. For more information about this product or service concerns, please contact the CPA2Biz/AICPA Service Center at service@cpa2biz.com or call 888-777-7077.

Excerpt

Chapter 4: Risk Management

Risk management response concepts are simple when you understand that you are limited to only four options:

  1. Internal controls
  2. Risk avoidance strategies
  3. Risk transfer (risk sharing) strategies
  4. Risk acceptance

Note that our experience indicates that when conducting risk assessment workshops and asking participants when they evaluate a given risk area to consider how it is managed, the number one response provided by participants is that the risk area is managed using internal controls. Because internal controls can be evaluated and tested in terms of design and operating effectiveness, the concept of control maturity can be incorporated into the risk assessment workshop using a control maturity model (CMM) (see the section on Control Maturity in this chapter).

In selecting risk management responses, a company defaults to risk acceptance when all other risk management strategies are exhausted or no other risk management strategy is employed. Enterprise risk management guides a company to ensure that risk acceptance aligns with management’s risk tolerance, risk appetite or both.

Key Insight: When facilitating the entity-wide risk assessment and asking participants to assess a given risk area, make sure to elicit whether they think controls are ‘well defined’ (see the control maturity scale in this chapter) or ‘soft’ (see repeatable in the control maturity scale) or ‘more informal’ (see immature in the CMM discussed later).

Internal controls that contain ‘defined’ or more ‘mature’ attributes can be more easily measured for design and operating effectiveness either through audit or self-assessment and hence provide positive assurance to stakeholders whether residual risk is within management’s acceptance levels.

After you establish participants’ views on formal or informal controls, ask them which risk management strategies they believe the company employs. Often there can be lack of clarity regarding the level within the organisation at which individual risks will be managed—that is, whether individual risks are to be ‘mitigated’ by the corporate shared service centres or left to business units to manage. Using CMMs will help draw out the collective wisdom of the organisation and get managers to agree on what functions are primarily responsible for managing risk and how shared services can best support the business units in achieving their goals. This will help break down silos and embed risk management into the business culture.

System Requirements

About the Authors

Scott McKay, CPA, CPE, CIA, CCSA



About the Publisher

AICPA

About the AICPA The American Institute of CPAs is the world’s largest member association representing the accounting profession, with more than 412,000 members in 144 countries, and a history of serving the public interest since 1887. AICPA members represent many areas of practice, including business and industry, public practice, government, education and consulting. The AICPA sets ethical standards for the profession and U.S. auditing standards for private companies, nonprofit organizations, federal, state and local governments. It develops and grades the Uniform CPA Examination, and offers specialty credentials for CPAs who concentrate on personal financial planning; forensic accounting; business valuation; and information management and technology assurance. Through a joint venture with the Chartered Institute of Management Accountants, it has established the Chartered Global Management Accountant designation, which sets a new standard for global recognition of management accounting.