Enterprise Risk Management Framework
FRAMEWORK OVERVIEW
Enterprise risk management is a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within the entity’s risk appetite, to provide reasonable assurance regarding the achievement of entity objectives. The definition is broad, relating to all aspects of a business. Enterprise risk management consists of eight interrelated components, which complement the way management runs the enterprise and are integrated with other management processes. The components are linked and serve as criteria for determining whether enterprise risk management is effective.
A key objective of this framework is to help managements of businesses and other entities better deal with risk inherent in achieving an entity’s objectives. But enterprise risk management means different things to different people. The wide variety of labels and meanings prevents a common understanding of enterprise risk management. An important goal, then, is to integrate various risk management concepts into a framework in which a common definition is established and components identified. This framework is designed to accommodate most viewpoints and provide a starting point for individual entities’ assessments and enhancement of enterprise risk management, for future initiatives of rule-making bodies and for education.

More information on the COSO website, or download this paper.
