This enterprise risk management framework is geared to achieving an entity’s objectives, set forth in four categories:
• Reporting—reliability of reporting
Risk is usually defined as the possibility that an event will occur (that is, a threat will materialize) and adversely affect
the achievement of objectives. It is measured in terms of the degree of likelihood that the event might occur,
coupled with the probable impact should the event occur. An individual risk may therefore be plotted on a
graph, sometimes known as a risk map or matrix.
RISK REGISTERS
The risk register approach is less visual in its representation, but is widely used to create and maintain a record of
threats and their management at all levels and in all parts of the organization. The risk register allows a more
detailed description of the approaches being taken to manage risks.
Control Objectives for Risk Management Processes
(a) Organizational objectives support and align with the organization’s mission
(c) Appropriate risk responses are selected that align risks with the organization’s risk appetite
(d) Relevant risk information is captured and communicated in a timely manner across the organization,
enabling staff, management, and the board to carry out their responsibilities.