© 2020 Association of Certified Fraud Examiners, Inc.
COSO Enterprise Risk Management – Integrated Framework 2004
Enterprise Risk Management:
• Is a process
• Is effected by people
• Is applied in strategy setting
• Is applied across the enterprise
• Is designed to identify potential events
• Manages risks with risk appetite
• Provides reasonable assurance
• Supports achievement of objectives
Updated ERM IC 2017
✓ Adopts a components and principles structure
✓ Simplifies the definition of enterprise risk management
✓ Emphasizes the relationship between risk and value
✓ Renews the focus on the integration of enterprise risk management
✓ Examines the role of culture
✓ Elevates discussion of strategy
✓ Enhances the alignment between performance and enterprise risk management
✓ Links enterprise risk management into decision-making more explicitly
✓ Delineates between enterprise risk management and internal control
✓ Refines risk appetite and tolerance
ISO 31000:2018 (ISO 31004:2013 & ISO 31010:2009 plus Guide 73)
Risk = the effect of uncertainty on objectives
No entity-level compliance certification available but e.g. C31000, AT31000, CT31000 for professionals
NB compare with COSO ERM!
http://www.youtube.com/watch?v=eS2T8IVd7io
http://www.linkedin.com/company/g31000
The Truth
“For a German and a Finn, the truth is the truth.
In Japan and Great Britain everything is O.K., as long as nothing is disturbed in the process.
In China, there is no such thing as absolute truth.
In Italy, it is open to negotiation.”
See also ISO 31004: Guidance for the Implementation of ISO 31000
See also ISO 31010: Risk assessment techniques (31 in all, but only a selection!)