
Assignment

Subject: DLMBAEBECG01 - Business Ethics and Corporate Governance

Course Name: Master of Business Administration (MBA) - 90 ECTS

Date of Second Submission: 31st January 2024
Please note that this submission is a second attempt.
Date of First Submission: 5th December 2023

Task Identification: 1.3 Task 3: Enterprise Risk Management

Task requirements:

• Provide an overview of the concept of Enterprise Risk Management (ERM) within the range of
governance mechanisms and explain ERM's value for Corporate Governance and
Business Ethics. Make sure you use literature beyond the one found in the course book.
• Select a Risk Management framework of your choice (e.g. COSO, ISO etc.) and explain its
characteristics, structure, relevance and impact.

Tutor Name: Prof. Naveed Khan

Submitted by:

 Student Name: Roma Rani Barik


 Matriculation ID: 42202246

University: IU Internationale Hochschule GmbH IU International University of Applied Sciences


Juri-Gagarin-Ring 152
D-99084 Erfurt

Campus: Frankfurter Allee 73A 10247 Berlin, Germany


Table of Contents

1. Introduction...............................................................................................................................1
2. Definition of Risk and Types of Risks for an Enterprise:...........................................................2
3. The Approaches of Risk Management......................................................................................3
4. Enterprise Risk Management (ERM): An Overview..................................................................4
5. Core Benefits of ERM...............................................................................................................4
6. ERM within the Range of Governance Mechanisms................................................................5
7. The Value of ERM for Corporate Governance.........................................................................5
8. The Risk Management Framework (RMF)................................................................................8
9. COSO ERM framework.............................................................................................................9
10. Characteristics of the COSO Framework................................................................................10
11. Limitations and Critiques for the COSO Framework...............................................................10
11.1. Structure of COSO’s RMF..............................................................................................11
11.2. Internal Control Relevance of RMF................................................................................12
12. The Relevance of RMF...........................................................................................................13
13. Impact of COSO’s RMF..........................................................................................................14
14. Conclusion:.............................................................................................................................15
15. References..............................................................................................................................17
1. Introduction

The present entrepreneurial setting is full of dynamism and uncharted territory: opportunities and
threats are not yet evident and only become so as future events unfold (Anton and Nucu, 2020).
Political or economic uncertainty gives rise to different risks that may be difficult for organizations to
manage. Businesses may be subjected to strict regulations in a specific country, leading to operational
or financial risks. This highlights the need for approaches that help businesses manage risks using
specific tools such as a risk matrix or risk register. It also indicates the importance of an effective risk
management framework that enables businesses to continuously prioritize risks and manage them as
each scenario requires.

Risk management approaches may be broadly targeted towards non-financial risks, and it is
relatively challenging to coordinate effort across the various branches and functions under which a
business operates. The resulting need for wide-ranging coverage has given rise to the modern
enterprise risk management (ERM) framework. The ERM framework is a specific model that helps to
manage organizational risks. It is a top-down technique that enables managers to shape the
company's overall risk position (Sefako and Tshehla, 2019). During the 2008-2009 financial crisis,
which attracted the attention of specialists in this field, questions were raised about the effectiveness
of these programs; in effect, this called for the more advanced equivalents in use today (Chen et al.,
2020). ERM is not only a sound regulatory framework; it is also seen as an enabler of value creation
in the firm. Without an ERM model, companies may not be able to manage big and small risks
effectively. Hence, a need for ERM exists in both small and big companies to manage different types
of risk, including operational risk, financial risk, and technology risk.

This assignment has a strong emphasis on discussing the concept of ERM in-depth within the range
of governance mechanisms. It further explains the ERM’s value for business ethics and corporate
governance. Further, the Committee of Sponsoring Organizations (COSO) framework is selected, and
its relevance, impact, structure, and characteristics are explained in this assignment.

2. Definition of Risk and Types of Risks for an Enterprise:

Risk refers to uncertainty about whether a future event will have a positive outcome (McShane, 2018).
Although risks can rarely be defined precisely in advance, a probability distribution may be assigned to
possible outcomes with the help of statistical methods grounded in past experience, in other words
qualitative and quantitative research together with analysis of growth rates (Chen et al., 2020). Firms
need to differentiate between risks and losses. It is also critical to examine specific types of risk and
how these can be managed while keeping operations running smoothly, and to prioritize risks based
on their uncertainty and likelihood of occurrence.

• Operational Risk: the risk of failure, disruption, or inefficiency in an organization's people and
processes and their related activities (Hubbard, 2020).
• Strategy Risk: the risk an organization deliberately accepts in pursuit of the "higher returns"
available from an inherently risky strategy (Sefako and Tshehla, 2019).
• Financial Risk: various risks such as losses from poor or deficient internal controls (for example,
scams and accounting fraud), foreign exchange risk, interest rate exposure causing investment
losses, and business valuation exposures. These can lead to pronounced cash flow and liquidity
problems (Rahmawati and Prasetyo, 2020).
• Technology Risk: failures, incompatibility problems, or aging or outmoded technology that result
in business interruptions.
• Compliance Risk (Legal & Regulatory): lack of awareness of the laws and rules that govern
business practices, such as tax acts, securities exchange rules, environmental protection laws,
and labor safety directives (Hubbard, 2020).
• Outsourcing Risk: when a business process is outsourced, the decision carries risks to
information security and data confidentiality, to workers' health and to the environment, as well as
risks of productivity loss, waste and rework, and potential customer loss (Kuo et al., 2021).

Figure 1: Risk management principles framework. Source: (Abbas et al., 2021)

The above figure illustrates the association between risk management principles, processes, and
frameworks (Abbas et al., 2021). The principles define the core characteristics of risk management,
such as tailored approaches and responsiveness, and serve as foundational guidelines emphasizing
values like transparency and accountability. The process covers the overall procedure step by step,
from establishing the context to risk treatment, and delineates the systematic approach to risk
identification, assessment, and mitigation. The framework provides structured guidance for integrating
principles and processes, ensuring consistency across organizational functions. Aligning these three
elements enables organizations to develop comprehensive risk management practices suited to their
unique needs and objectives.

3. The Approaches of Risk Management

Some unimportant or superfluous risks can be eliminated by selling them off, hedging, or diversifying.
When evaluating the firm's value, management has to weigh the value that would remain if a risk
were discarded against the further deterioration or destruction that risky operations might cause. In
some cases, risks can be minimized by establishing business practices such as ex-ante due diligence
and concurrent process control and audit (Abbas et al., 2021). Where a firm has no competitive
advantage in bearing and sustaining a risk, the risk can be transferred to other players in the market.
Some risks are unavoidable: a business cannot remove them even after identifying them, because
avoidance would bring unsuitable consequences such as disproportionate impacts on performance, or
complexity arising from variations in value and in secrecy or confidentiality across divisions (Hutsaliuk
et al., 2020). Such risks can be absorbed by holding capital or through portfolio diversification. To
illustrate how much attention German authorities dedicate to risk management, this assignment takes
the banking and financial services industry as an illustration, with some instances of employers
paying sufficient attention to developing their staff successfully.

4. Enterprise Risk Management (ERM): An Overview

ERM stands for enterprise risk management, which is used in this assignment to refer to operations
that take place across a range of separate risk categories at the corporate level, as opposed to
managing risks on a case-by-case basis. It is a system that allows managers to deal effectively with
emerging risks and to exercise strategic control over those that have materialized. Essentially, it is a
monitoring model that supports conscious risk-taking and escalation mechanisms, ensuring that
decisions remain measured, rational, well-calculated, and tactful. ERM supports evidence-based
decisions and reduces losses arising from known contingent risks (Malik, Zaman, and Buckby, 2020).

McShane (2018) argued that ERM is a goal-achievement and strategy-development framework that
helps chart the plausible uncertainties, probabilistic forecasts, and volatilities a business may face and
that may prevent it from achieving its desired milestones. It also helps greatly in analyzing specific
events that can generate opportunities while complying with strict industry regulations.

There is no "single-step" implementation of an ERM system; rather, it is a cumulative process used to
recognize, understand, and deal with problems that all businesses face at one time or another (Abbas
et al., 2021). A well-functioning system not only provides the company with a degree of assurance
regarding business continuity but also ensures the full realization of its objectives.

5. Core Benefits of ERM


The core benefits of Enterprise Risk Management are defined below:
• Reducing the external cost of capital: A reliable ERM framework helps mitigate and minimize
persistent risks and gives lenders and investors a high level of assurance.
• Increased Risk Awareness: By giving a view of potential risks, ERM makes the company aware
of its exposures and better prepared for its vulnerabilities (Chen et al., 2020).
• Creating Synergies: The all-inclusive approach within ERM provides the platform on which
diverse risk management activities are performed concurrently with a joint purpose (Glowka et al.,
2021).
• Reduced Agency Risk: ERM helps limit liability for any act of omission or commission by
business owners when they delegate managerial and operational responsibilities to employees or
other managers acting as agents on their behalf (Hutsaliuk et al., 2020).
• Reduced Information Problems: ERM addresses the problem of inadequate information systems
by providing dependable, adequate, high-quality information for sound business decisions.

6. ERM within the Range of Governance Mechanisms

Chen et al. (2020) evaluate ERM as a process that not only integrates risks with strategic objectives
but also detects the threats corresponding to each risk. One of the most useful ways of viewing
governance mechanisms within ERM implementation is through the ability these systems give a firm
to gain a competitive advantage in the international economic environment. According to the Deloitte
ERM model, there are three significant aspects: process, system, and oversight (Glowka et al., 2021).
Organizations have also paid attention to the UK's control process because it incorporates
independent external pronouncements within its general scope. Likewise, the UK government has
adopted its own ERM model to identify alternatives for putting into practice procedures that address
climate change. The evident role of the ERM model, then, is to take stock of the field of risk
management and to develop an effective monitoring system.

Figure 2: ERM model. Source: (Saeidi et al., 2021)

7. The Value of ERM for Corporate Governance

ERM has a positive impact on corporate governance. It allows business leaders and managers to
protect their companies from reputational damage. The ERM framework further focuses on avoiding
costly fines from regulatory organizations and on reducing exposure to core operational and financial
risks (Glowka et al., 2021). Companies further improve corporate governance, and thereby governance
value, by managing different types of risk, including operational, financial, compliance, and technology
risk. The ERM framework has gained popularity in the corporate world since several multinational
companies (MNCs) specifically focus on managing operational risks (Saeidi et al., 2021).

Certain codes require management to communicate effectively, promptly, and frequently with the
Supervisory Board on all matters concerning risk occurrences, failures of the risk management or
compliance plan, and changes to its crucial aspects; the plan should be presented with detailed
information explaining deviations between plans and actual results. Such codes also require the
corporation's control structure to be set out and disclosed to any national supervisory body (Malik et al.,
2020). Even where the risks and non-compliance concern employees, third parties, or outsourcing
agents, a mechanism for reporting such matters is also needed.

The importance placed on ERM in corporate governance stems from the fact that it enables businesses
to manage negative consumer perceptions of their brands and thereby avoid bringing their brand names
into disrepute. As Rahmawati and Prasetyo (2020) argued, the ERM model helps mitigate serious fines
from various regulatory bodies and agencies. ERM has a similar objective with regard to reducing
exposure to civil litigation. Although civil litigation is by nature a long-term matter for organizations, those
that consistently minimize it achieve a great deal in terms of effective corporate governance (Malik et al.,
2020). The "theory of ERM" also demonstrates value in protecting stakeholders, since the model
safeguards stakeholder worth. It further helps normalize business conduct, because it encourages
bottom-line profitability in a way that puts business ethics into practice.

Figure 3: "Uncertainty governance as a part of ERM". Source: (Kuo et al., 2021)

The above figure illustrates uncertainty governance as a core part of ERM (Kuo et al., 2021). The
concept emphasizes the crucial role ERM plays in addressing uncertainties and managing risks
effectively within an organization:
• Regulatory updates: ERM involves staying up to date with regulatory changes and compliance
requirements relevant to the industry. This ensures that the organization remains aligned with
legal standards and can adapt its risk management strategies accordingly.
• Improved visibility: ERM provides enhanced visibility into various risk factors and their
potential impact on the organization's objectives. This increased transparency enables
stakeholders to make informed decisions and take proactive measures to mitigate risks.
• Decentralization: ERM encourages the decentralization of risk management processes
across different levels of the organization. By involving various departments and stakeholders
in risk identification and mitigation efforts, ERM fosters a culture of risk awareness and
accountability throughout the organization.
• Elimination of barriers: ERM aims to eliminate silos and barriers that may hinder effective
communication and collaboration in risk management. By promoting open communication
channels and sharing relevant information across departments, ERM facilitates a more
integrated approach to risk management.
• Easy document upload: ERM systems often include features for easy document upload and
storage. This allows organizations to centralize risk-related documentation, such as risk
assessments, mitigation plans, and compliance records, making them readily accessible for
stakeholders and auditors.

In summary, the key features of ERM for corporate governance outlined above contribute to creating
a robust risk management framework that enables organizations to proactively identify, assess, and
mitigate risks while promoting transparency, accountability, and compliance with regulatory
standards.

The main difference between the classical approach to risk management and present-day practice is
that the classical version offered a narrower range of approaches and creative methods than is
available today, when the focus is not only on impending developments but also on possible
opportunities that could appear in the more distant future. The classical approach is concerned mainly
with predicting risks from the historical data available, because these were events the company had
faced at some point in its activities (Kuo et al., 2021). This makes the old method non-innovative and
leads to ambiguous and complex decisions about newly introduced risks arising from the altered
business environment, integrated foreign currency markets, mergers of enterprises, and technical
change (Hutsaliuk et al., 2020). Risks that management has handled before can be quantified and
given a probability measure. The remaining level of uncertainty, however, is highly subjective and
depends on executive opinion, which does not deny that such uncertainties exist, nor that they affect
corporate value.

8. The Risk Management Framework (RMF)

A Risk Management Framework (RMF) is a set of processes, protocols, and standards by which
business organizations can assess cyber-risks, manage them, and ensure that they meet best
practices (Anton and Nucu, 2020). It makes it easier to understand how quality control of risk
mitigation strategies works, since the RMF establishes a process by which business risks are recorded,
measured, and assigned a weighting for each company. At the same time, it should be pointed out
that an RMF is not a rule-based model, and additional measures are needed to guide the governing
body in cases of uncertainty and undiscovered risks (Kuo et al., 2021).

One of the best illustrations of this technique comes from BP plc under its former CEO, Tony Hayward.
The writer shows that in 2007 Hayward was looking in the wrong direction: the rules he applied
included that no employee should e-mail while driving, so as to avoid road accidents, and that staff
carrying coffee must use lids, as a good way to prevent spills and the cleaning costs they incur
(Rahmawati and Prasetyo, 2020). Rather than focusing on the bigger picture, he worked on rules and
policies down to the smallest detail. Three years later, however, these measures had proved hasty
where human beings were concerned: decisions taken over nine long months led to the horrific
man-made disaster of the Gulf of Mexico oil rig explosion (Kuo et al., 2021). As an American agency
report states, the scale of the disaster was attributed to management failures, in that the people
involved became incapable of recognizing what risks they faced and of properly evaluating them,
communicating them to others, and addressing them.

The above example shows that an RMF is generally associated with an attitude that compliance-
related problems can be settled by putting regulations in place. Various measures can be put in place
to prevent such incidents, but no regulation can completely eliminate them or their consequences for
the business. The compliance-based approach addresses many predictable risks, but it is inadequate
for external and strategic risks.

9. COSO ERM framework

RMFs come in numerous forms, including those of the CAS (Casualty Actuarial Society), ISO, COSO,
NIST, COBIT, and others. This section introduces the COSO ERM framework. COSO was established
in the mid-1980s and in 1992 published a risk management structure (McShane, 2018). The
framework's popularity across the world made it a tool for installing control systems, establishing
control rules, and appraising their effectiveness. Since then, business enterprises have developed
enormously and become even more complex, while industrial organizations have entities that extend
beyond national borders (Naseem et al., 2020).

Furthermore, stakeholders demanded greater transparency and accountability in the governance
structure, as well as integrity in internal control. The framework therefore needed revision, and the
updated Integrated Framework appeared on May 14, 2013, issued by COSO. The framework was
improved by broadening its scope to include other important forms of reporting, such as internal and
non-financial reporting.

Figure 4: Phases of COSO Framework (source: Dangi et al., 2020)

The above figure illustrates the different phases of the COSO framework. The first phase involves
scoping and planning, the second phase documentation and assessment, the third phase remediation
planning, the fourth phase design and testing, and the fifth phase optimization of the effectiveness of
internal control.

10. Characteristics of the COSO Framework

It is important to discuss the key characteristics associated with the COSO framework. One key trait
concerns operational efficiency and effectiveness: the framework ensures that organizations achieve
the desired operational effectiveness and efficiency by implementing an effective risk management
structure (Chiu and Wang, 2019). Another major trait is the reliability of financial reporting: the
framework encourages professionals to report the organization's financials in a manner free from
discrepancies (Dangi et al., 2020), and it focuses on exploring and resolving the financial discrepancies
that may arise when reporting financial information. A further characteristic concerns compliance with
applicable laws and regulations: the framework motivates organizations to comply with regulations in
order to manage risk and operate successfully in their industry.

11. Limitations and Critiques for the COSO Framework

Internal control structures such as COSO (the Committee of Sponsoring Organizations of the Treadway
Commission) are crucial in shaping corporate governance, risk management, and controls (Chiu and
Wang, 2019). However, they are not without their limitations and their critics. A major concern is the
power given to boards or senior management, which could tip comprehensive controls, calling their
quality into question and in turn leading to a riskier process (Dangi et al., 2020). This issue becomes
even more challenging because of human biases and presuppositions, which lead to variations and
delusions when assessing, interpreting, and setting aspirations. Human factors remain at the very core
of these challenges because they have a large input into these systems.

Furthermore, according to the study of Hutsaliuk et al. (2020), some business transactions are the
result of poor internal controls that do not match the organization's objectives. Such controls can also
conceal the efficiency and responsiveness of risk management strategies. A third problem that follows
is how to estimate the economic value of these frameworks. There is no universally accepted yardstick
for this, and organizations are therefore left ill-informed about the true rate of return on their risk
management investments.

COSO stresses the downsides that risks pose to a business, and this emphasis can turn a cautious
rating into an overreaction, since risk becomes the answer to every question. This cautious position,
although wise, can sometimes mean that an organization never gets the chance to pursue opportunities
(Naseem et al., 2020). Moreover, the elaborate structure is costly to maintain, and in some cases the
costs exceed the benefits obtained. Critics have also pointed out that the COSO framework is
extensive and far-reaching but clearly emphasizes a top-down approach, in contrast to the ISO 31000
framework, which is more general and combines top-down and bottom-up approaches (Eling,
McShane, and Nguyen, 2021).

In addition to these failings, COSO's ERM faces a challenge in its mechanism for scanning the
external environment. If factors such as emerging market trends, legal reforms, and international
market changes are not examined in depth, risks may be underestimated, underreported, or
overweighted (Fox, 2018). While COSO ERM does provide for risk and mitigation studies by pairing
internal control with systemic risk monitoring that informs an assessment of emerging risk trends, it is
also criticized for persistently failing to incorporate "black swan" events, which are of high impact but
low probability and have the capacity to disrupt (Thabit et al., 2017). Although such events are rare,
their outcomes can engulf the company in copious losses, and most risk assessment frameworks do
not take them into account, leaving organizations undefended against unexpected disasters. This
highlights the need for a flexible, far-reaching, adaptable, and dynamic approach to risk management
that can adjust to changes in business life.

11.1. Structure of COSO’s RMF

COSO's structure can be represented as a three-dimensional cube showing the links between its
objectives, shown in white on the top face of the cube, the eight components arranged on the front face,
and, on the right-hand face, the organizational structure and its departments.

Figure 5: Components of COSO Framework (source: Chiu and Wang, 2019)

• Strategic: to support the corporation's strategic objectives, such as entering into competition or
even withdrawing altogether from business operations (Fox, 2018). It allows analysis of the risks
involved in achieving strategic aims, which can include, for example, the risk of a major business
investment and the opportunities foregone in light of the organization's risk appetite (Eling et al.,
2021).

• Operations: to ensure that the company attains its goals concerning operating and financial
effectiveness and protection against embezzlement; for example, reducing throughput losses,
improving product quality, and pursuing sustainability initiatives (Thabit et al., 2017). For
profit-oriented firms, the purpose is to achieve the highest levels of profit and return on assets
while maintaining liquidity, with the focus placed on the business unit (or firm), responsiveness to
consumers, growth in sales or revenue, and redundancies.

• Reporting: this emphasizes robust, timely, and lawful practice in the reliable reporting of both
financial and non-financial information, externally to stakeholders and internally. Reporting
requirements come from regulators, legislatures, standard-setting bodies, and policymakers and
fall into three main categories, of which the external financial reporting objectives are aimed at
addressing stakeholders' information needs concerning finances (Florio and Leoni, 2017).

• Compliance: this concerns adherence to all laws and regulations relating to a company's
operations, and compliance with them in due time. It covers regulations such as tax laws and
environmental protection laws in whichever nation the organization operates (Saeidi et al., 2021).
Companies must either set standards that fulfill the law's minimum requirements or exceed them by
meeting more demanding levels. For instance, in a country where the law stipulates that an
employee is entitled to a minimum of 25 leave days per year, the organization may grant its
employees more than 25 leave days per annum.

Nevertheless, it should be taken into consideration that one objective can sometimes overlap with
another obligation. For instance, when the account books are closed by a date set by management for
analyzing the financial results and position, this date may coincide with the closing date set by regulatory
reporting authorities (Fraser et al., 2021). Despite the overlap, no one is freed of their responsibility;
each should ensure that objectives are met at the individual team level so that the overall goals of the
entire company are achieved.

11.2. Internal Control Relevance of RMF

 Objective setting: When action is to be taken on internal controls, objective setting is always considered
first in every company. While preparing its objectives, the governing body also has to consider its risks
(Hopkin, 2018), together with the company's mission and its risk appetite as a corporation. Risk tolerance
and materiality thresholds can be set for each operating sector and so forth, so that limits are defined in
line with them.
 Event Identification: The framework recommends distinguishing events that threaten the attainment of
objectives from events that have positive effects and provide opportunities. It also emphasizes that
attention must extend to operational risks and to corporate strategy or strategic risks that could interrupt
the accomplishment of critical goals (Florio and Leoni, 2017). The framework has been criticized for an
extreme focus on individual risks. Businesses must also evaluate the hazards of one-time activities, since
these have demonstrated high risk (Hopkin, 2018). For example, an instant response to a database server
shutting down under high traffic may be required, because the outage can lead to lost sales and damage to
the reputation of the firm's assets; this can be addressed by backup servers that take over in case of
failure.
 Risk Assessment: The guidance compels the governing body to be aware of the risks associated with
pursuing its objectives and of the ways in which they ought to be handled. This entails discussion of the
dangers that arise from an irregular environment and how they are going to affect the institution in
meeting its goals (Hopkin, 2018).
 Risk Response: Responses are sorted into four broad types: reduction, acceptance, transfer, and
sustaining (retaining) the risk. When thinking about the reasons for retaining a risk, it is extremely
important to consider not just preventive costs and the expense of covering losses should misfortune occur,
but also how much a cost can grow because of risk-taking (Eling et al., 2021).
 Control Activities: These are the actions, translated into policies and procedures, used to check whether
the risk-reduction measures directed by management are being carried out appropriately (Callahan and
Soileau, 2017). These controls are put in place and followed at all levels of the organizational structure
and at each stage of the business process cycle.
 Information & communication: This covers communicating internal control responsibilities and asking
how much knowledge employees have of the tasks they perform that can contribute to the success

12. The Relevance of RMF

The relevance of the framework refers to confirming how directly each principle contributes to the
accomplishment of company goals, by highlighting how encompassing a business goal is (Fraser et al.,
2021). It also comprises recognized characteristics such as the legal and regulatory framework, norms
within the industry or market, the company's contractual requirements, technological dependencies, and so
on, with the board measuring relevance against metrics for each of these.

The straightforward implication of adopting COSO's framework is that it gives a broad range of business
entities the ability to identify the types of risk they face. It also provides a logical structure for
improving how a company builds up its reporting. Broadly, COSO can assist in risk management and fraud
detection (Eling et al., 2021). COSO's ERM is value-based in that it gives assurance to an organization's
stakeholders, implying that success will be achieved through a framework for analyzing and mitigating
risks. Implementation of the COSO framework demonstrates how this is done in terms of reducing cost and
creating value for stakeholders through its four strategies, namely compliance, strategy, operations, and
reporting (Callahan and Soileau, 2017).

These four strategies help a business identify how it manages the crises that arise from running its
business, in relation to its objectives, and whether its risk management policies are consistent with the
COSO framework. The framework has the invaluable benefit of enabling the organization to produce
effective integrated reports and intelligent risk assessments.

13. Impact of COSO’s RMF

The fact that COSO's framework is applied globally, and that participants can apply it to safeguard their
capital base, further points to its impact. Once COSO is adopted, an organization can identify risk
management gaps, which becomes a milestone for assessing how well long-term business success is assured
(Oyedokun and Muhammad, 2023). As a result, investors of different backgrounds who are keen on investing
in business organizations seek out those that apply it, since they have strong demands. Adopting the
governance mechanism encapsulated in the COSO framework enables a business to govern and manage both
the internal and external environment around it, thereby improving its capacity to handle risk. Hence,
using the COSO framework as a control mechanism to carry on business activities efficiently is an easy way
for a firm to have full control over its ventures (Eling et al., 2021).

Regarding risk management, COSO can be instrumental in cultivating a culture that takes note of risks and
ethics throughout the organization; it ensures coordination between aims and strategies and what the
organization's capacity can bear, as well as tracking progress. It guarantees timeliness, which is the basis
for learning from success and failure.

It can support a detailed perspective on all fields of an organization in the management of strategy,
operations, internal auditing/controlling, etc. For performance measurement, it provides an independent
means of effective comparison that helps management direct positive or negative attention to particular
areas (Thabit et al., 2017). COSO's RMF has been developed to ensure systematic processes for identifying
the risks that may arise when a business wants to expand or enter new markets. It also helps management
reshape strategies in different business settings. It can further support stress testing of certain plans,
such as capital and liquidity planning or recovery and resolution plans, when a shortage is identified. This
may create trust and confidence in companies regarding their business processes together with their
financial standing (Naseem et al., 2020).

The Integrated Framework for internal control is a guiding standard that governs the assessment of
governance, oversight, and internal control; it has become a common standard used in shaping compliance
with another set of rules, the Sarbanes-Oxley Act of 2002. Businesses today are always trying to improve
their quality of service and reporting accuracy by adding further reporting needs, such as environmental,
social and governance parameters of sustainability (Bhabra and Hossain, 2017). This also refers to the
inclusion of clauses that take up assurance requirements. Based on the guiding principles of the Integrated
Framework, organizations can enhance the quality and effectiveness of SD data integration frameworks
(Naseem et al., 2020). This lays the ground for accurate reporting, enabling management to make informed
decisions and informing shareholders and any other stakeholders of the progress undertaken towards
sustainability.

14. Conclusion:

Considering the elements discussed above, it can be said that ERM was born of bitter experience and
persistent change. When it first came into existence it covered only financial risk; today it covers every
aspect of business operation. The objectives of the system are to assist the business in translating its
vision into reality through efficient internal control that reduces risk, and through superior governance.
As evidenced by many previous corporate scandals, companies should have rectified major flaws in
identifying and controlling their risks through an effective ERM framework. As a result, a demand arose for
guidance on risk management practices, which was supplied in the form of COSO, ISO, and other frameworks.
These frameworks provide adequate structure and locally relevant risk management frameworks.

In a given situation, ERM models set out risk activation and organizational preferences. Besides, they
provide a bridge between strategies and business goals within the chosen context. The resulting advantage
in the international market speaks for having a high-quality ERM mechanism. It also deserves credit for
contributing to shaping a risk culture, with an understanding of sufficient communication and measures for
escalation when a risk exceeds certain parameters. Finally, it gives the company's stakeholders confidence
that the internal control system of a particular firm, or the business continuity planning used, is
effective enough. However, there are several shortcomings, including misuse of power when internal control
is used in exercising executive powers, confirmation bias, overconfidence, and the fact that even good
approaches can end up in insufficient risk assessment; still, these can be tackled by building a culture of
debate and by exposing, together with professionals, the weaknesses resulting from current projects,
through means like the balanced scorecard.

The particular version of the COSO framework that was examined as part of our discussion is accepted as a
gold-standard method for assessing governance, oversight, and internal control. Its application process
starts with knowing the corporate strategies and goals, drawing on years of risk analysis to ensure that
risks are consistent with the strategic plan. It allows a wide range of applications that can benefit any
organization by making it possible to understand what kind of threats its business faces. It promotes
building long-term strategic relationships and using such a strategy to improve business performance. One
of its provisions concerns a higher level of transparency and accountability in the governance structure
together with integrity in internal control. This largely relies on adoption by different agencies that are
ready and adaptable; acceptance of such a framework therefore stems from the need for improvement.

However, some weaknesses and disadvantages of this framework still lie in the lack of appropriate means of
verifying its cost-benefit and added value. On the other hand, the cost of maintaining the framework can
become much greater than initially expected, partly because it is prolix, instructional, and encompasses an
unnecessarily broad range of issues, and because it has to be fully backed by top-level interests. The
second weakness is that the risks identified depend on whether an external screening has been undertaken
for factors such as changes in laws, international markets, and global trends; furthermore, it does not take
into account risks where there is no alert process for black swan events. Restrictions arise early on, and
there are possibilities to overcome them through regular updates and amendments. Business conditions
change, and as a result organizations need to keep their risk management framework dynamic in response to
changing environmental conditions.

Therefore, ERM models like COSO should be included in the formulation of strategic and business plans, IT
infrastructure, and software production, among others. Authoritative bodies and major corporate entities
that shape this market, together with those implementing the frameworks and dictating the direction of the
market, must make known to the relevant regulatory authorities and to the organizations that produce such
frameworks where they are inadequate, inconsistent, or defective. This approach of longer-term support will
help the ERM framework and the market in general, so that everyone, even minority interests in the market,
will benefit.

Lastly, it is concluded that the COSO framework is important and relevant, with valuable benefits arising
from internal controls, including a high level of confidence, governance of performance and goals,
timeliness in compliance with legal and regulatory guidelines, and efficient strategy formulation related
directly to the company's interests.

15. References

Abbas, D., Ismail, T., Taqi, M. and Yazid, H., 2021. Determinants of enterprise risk management
disclosures: Evidence from insurance industry. Accounting, 7(6), pp.1331-1338.
Anton, S.G. and Nucu, A.E.A., 2020. Enterprise risk management: A literature review and agenda for
future research. Journal of Risk and Financial Management, 13(11), p.281.
Bhabra, H.S. and Hossain, A.T., 2017. The Sarbanes-Oxley act and corporate
acquisitions. Managerial Finance, 43(4), pp.452-470.
Chen, Y.L., Chuang, Y.W., Huang, H.G. and Shih, J.Y., 2020. The value of implementing enterprise
risk management: Evidence from Taiwan’s financial industry. The North American Journal of
Economics and Finance, 54, p.100926.
Chiu, T. and Wang, T., 2019. The COSO framework in emerging technology environments: An
effective in-class exercise on internal control. Journal of Emerging Technologies in Accounting
Teaching Notes, 16(2), pp.1-10.
Dangi, M.R.M., Nawawi, A. and Salin, A.S.A.P., 2020. Application of COSO framework in whistle-
blowing activities of public higher-learning institutions. International Journal of Law and
Management, 62(2), pp.193-211.
Eling, M., McShane, M. and Nguyen, T., 2021. Cyber risk management: History and future research
directions. Risk Management and Insurance Review, 24(1), pp.93-125.
Florio, C. and Leoni, G., 2017. Enterprise risk management and firm performance: The Italian
case. The British Accounting Review, 49(1), pp.56-74.
Fox, C., 2018. Understanding the new ISO and COSO updates. Risk Management, 65(6), pp.4-7.
Fraser, J.R., Quail, R. and Simkins, B. eds., 2021. Enterprise risk management: Today's leading
research and best practices for tomorrow's executives. John Wiley & Sons.
Glowka, G., Kallmünzer, A. and Zehrer, A., 2021. Enterprise risk management in small and medium
family enterprises: the role of family involvement and CEO tenure. International Entrepreneurship and
Management Journal, 17, pp.1213-1231.
Hopkin, P., 2018. Fundamentals of risk management: understanding, evaluating and implementing
effective risk management. Kogan Page Publishers.
Hubbard, D.W., 2020. The failure of risk management: Why it's broken and how to fix it. John Wiley &
Sons.
Hutsaliuk, O., Koval, V., Tsimoshynska, O., Koval, M. and Skyba, H., 2020. Risk Management of
Forming Enterprises Integration Corporate Strategy. TEM Journal, 9(4).
Kuo, Y.F., Lin, Y.M. and Chien, H.F., 2021. Corporate social responsibility, enterprise risk
management, and real earnings management: Evidence from managerial confidence. Finance
Research Letters, 41, p.101805.
Malik, M.F., Zaman, M. and Buckby, S., 2020. Enterprise risk management and firm performance:
Role of the risk committee. Journal of Contemporary Accounting & Economics, 16(1), p.100178.
McShane, M., 2018. Enterprise risk management: history and a design science proposal. The journal
of risk finance, 19(2), pp.137-153.
Naseem, T., Shahzad, F., Asim, G.A., Rehman, I.U. and Nawaz, F., 2020. Corporate social
responsibility engagement and firm performance in Asia Pacific: The role of enterprise risk
management. Corporate Social Responsibility and Environmental Management, 27(2), pp.501-513.
Oyedokun, G.E. and Muhammad, A.I., 2023. Internal control system and financial performance of small
and medium scale enterprises in Nigeria. Studies in Economics and International Finance, 3(1), pp.89-110.
Rahmawati, D.L. and Prasetyo, K., 2020. Determinants on the extent of enterprise risk management
(ERM) disclosure in annual reporting: an Indonesian study. International Journal of Innovation,
Creativity and Change, 13(4), pp.512-525.
Saeidi, P., Saeidi, S.P., Gutierrez, L., Streimikiene, D., Alrasheedi, M., Saeidi, S.P. and Mardani, A.,
2021. The influence of enterprise risk management on firm performance with the moderating effect of
intellectual capital dimensions. Economic Research-Ekonomska Istraživanja, 34(1), pp.122-151.
Sefako, J.M. and Tshehla, M.F., 2019. Critical success factors for enterprise risk management to improve
performance. In 21st Academy of African Business and Development Conference (p. 281).
Silva, J.R., Silva, A.F.D. and Chan, B.L., 2019. Enterprise risk management and firm value: Evidence
from Brazil. Emerging Markets Finance and Trade, 55(3), pp.687-703.
Thabit, T., Solaimanzadah, A. and Al-Abood, M.T., 2017. The effectiveness of COSO framework to
evaluate internal control system: the case of kurdistan companies. Cihan International Journal of
Social Science, 1(1), p.44.