Auditing the Enterprise Risk Management (ERM) Process
Overview
This course provides an overview of the Enterprise Risk Management (ERM) process and all the underlying elements of ERM, including risk appetite, governance, and roles and responsibilities. The course includes the attributes that make an ERM process effective, such as addressing black swans, using risk-driven metrics, and linking ERM with the organization’s strategy. Most of the course will involve methods for auditing the ERM process by assessing the process according to the COSO framework, comprising five components and twenty principles.
The course also includes ISO 31000, a summary of key highlights, and a comparison of the commonalities and differences between the ISO risk management framework and the COSO risk management framework. The course also covers the application of concepts using examples, case studies, exercises, and ERM reporting to various stakeholders.
Why you should take this course.
For users who have an intermediate knowledge of this topic and are searching for a deeper understanding of its evolving complexities.
Here are the topics we'll cover.
- Enterprise Risk Management (ERM)
  - Overview
  - Risk Appetite
  - ERM Governance
  - Internal Audit’s Role and Responsibilities
  - Black Swans
  - ERM Effectiveness
  - ERM Metrics
  - ERM and Strategy
- COSO Principles
  - Overview
  - COSO Principle 1: Exercises Board Oversight
  - COSO Principle 2: Establishes Operating Structures
  - COSO Principle 3: Defines Desired Culture
  - COSO Principle 4: Demonstrates Commitment to Core Values
  - COSO Principle 5: Attracts, Develops and Retains Capable Individuals
  - COSO Principle 6: Analyzes Business Context
  - COSO Principle 7: Defines Risk Appetite
  - COSO Principle 8: Evaluates Alternative Strategies
  - COSO Principle 9: Formulates Business Objectives
  - COSO Principle 10: Identifies Risk
  - COSO Principle 11: Assesses Severity of Risk
  - COSO Principle 12: Prioritizes Risk
  - COSO Principle 13: Implements Risk Responses
  - COSO Principle 14: Develops Portfolio View
  - COSO Principle 15: Assesses Substantial Change
  - COSO Principle 16: Reviews Risk and Performance
  - COSO Principle 17: Pursues Improvement to ERM
  - COSO Principle 18: Leverages Information Systems
  - COSO Principle 19: Communicates Risk Information
  - COSO Principle 20: Reports on Risk, Culture, and Performance
- Reports
  - Types of Reporting
Here are the learning objectives we'll cover
- The learner will understand the basic elements of the entire ERM process, including governance, execution, and reporting.
- The learner will define common ERM vocabulary and terminology.
- The learner will understand how the ERM process should be linked to the organization's strategy.
- The learner will apply the ERM framework principles and develop auditing procedures to assess the effectiveness of an organization's ERM process.
- The learner will identify the differences between two of the most widely used ERM frameworks, COSO and ISO.