Chapter 15




               2.2  Enterprise risk management (ERM)

                             ‘A process, effected by an entity’s board of directors, management and
                             other personnel, applied in strategy setting and across the enterprise,
                             designed to identify potential events that may affect the entity, and
                             manage risk to be within its risk appetite, to provide reasonable
                             assurance regarding the achievement of entity objectives’.
                             (COSO 2003)


               2.3   Principles of ERM


                    risk management in the context of business strategy

                    risk management is everyone’s responsibility, with the tone set from the top

                    the creation of a risk aware culture

                    a comprehensive and holistic approach to risk management


                    consideration of a broad range of risks (strategic, financial, operational and
                     compliance)

                    a focused risk management strategy, led by the board (embedding risk within
                     an organisation's culture).











































               182