Professional Documents
Culture Documents
Lisanne Sison
Director ERM
Bickmore
What is ERM?
Enterprise Risk Management (ERM) is defined
by the Committee of Sponsoring
Organizations (COSO) as “a process, effected
by an entity’s board of directors, management
and other personnel, applied in strategy-
setting and across the enterprise, designed to
identify potential events that may affect the
entity, and manage risk to be within its risk
appetite, to provide reasonable assurance
regarding the achievement of entity
objectives.”
What is ERM?
Enterprise Risk Management (ERM) is defined
by the Committee of Sponsoring
Organizations (COSO) as “a process, effected
by an entity’s board of directors, management
and other personnel, applied in strategy-
setting and across the enterprise, designed to
identify potential events that may affect the
entity, and manage risk to be within its risk
appetite, to provide reasonable assurance
regarding the achievement of entity
objectives.”
What is ERM? (cont’d)
To help assist with the implementation of the ERM process, COSO
developed the ERM Integrated Framework (2004), also known as the
COSO Cube. This cube is an update to the initial COSO I framework
developed in 1992:
What is ERM? (cont’d)
Information and
Communication relate to
those practices that ensure
that the right information is
communicated at the right
time to the right people.
What is ERM? (cont’d)
Monitoring consists of
ongoing evaluations to
ensure controls are
functioning as designed,
and taking corrective action
to enhance control activities
if needed.
ERM Life Cycle Evaluate
Performance
Implement
Confirm
Evaluate next
Identify and options steps
Goal prioritize risks
Culture setting