Enterprise Risk Management Framework

Enterprise risk management is a process:

 - effected by an entity’s board of directors, management and other personnel,
 - applied in strategy setting and across the enterprise,
 - designed to identify potential events that may affect the entity,
 - to manage risk to be within its risk appetite, and
 - to provide reasonable assurance regarding the achievement of entity objectives.


Why is ERM important?



ERM Framework


COSO’s enterprise risk management (ERM) model has become a widely accepted framework for organizations to use. It has been established as a model that can be applied in different environments worldwide. ERM considers activities at all levels of the organization: the enterprise level, the division or subsidiary level, and business unit processes.


Components of the ERM framework

The Framework itself is a set of principles organized into five interrelated components:


The five components in the updated Framework are supported by a set of principles. These principles cover everything from governance to monitoring. They are manageable in number, and they describe practices that can be applied in different ways by different organizations regardless of size, type, or sector. Adhering to these principles can give management and the board a reasonable expectation that the organization understands, and strives to manage, the risks associated with its strategy and business objectives.

How internal auditors can add value to an organization’s ERM framework