Page 390 - COSO Guidance
COSO Infographic with Principles

[Infographic: the COSO Enterprise Risk Management framework, drawn as a value chain running from Mission, Vision & Core Values through Strategy Development, Business Objective Formulation and Implementation & Performance to Enhanced Value, with the five ERM components and their 20 principles overlaid:]

Governance & Culture
1. Exercises Board Risk Oversight
2. Establishes Operating Structures
3. Defines Desired Culture
4. Demonstrates Commitment to Core Values
5. Attracts, Develops, and Retains Capable Individuals

Strategy & Objective-Setting
6. Analyzes Business Context
7. Defines Risk Appetite
8. Evaluates Alternative Strategies
9. Formulates Business Objectives

Performance
10. Identifies Risk
11. Assesses Severity of Risk
12. Prioritizes Risks
13. Implements Risk Responses
14. Develops Portfolio View

Review & Revision
15. Assesses Substantial Change
16. Reviews Risk and Performance
17. Pursues Improvement in Enterprise Risk Management

Information, Communication, & Reporting
18. Leverages Information and Technology
19. Communicates Risk Information
20. Reports on Risk, Culture, and Performance

• Further integration of ERM processes into the organization’s annual planning and budgeting processes
• More formal integration into the strategy development process
• Further discussion and articulation of the organization’s risk appetite
• Further expansion and enhancements to the risk assessment processes
• More formal process to prioritize and assess the severity of risks
• Updates to the risk response and action plans
• Considerations of significant organizational changes
• Development of performance processes, such as a balanced scorecard and strategy maps, to assess performance and benefits of ERM processes
• Development of a more formal continuous improvement process
• Consideration of the possible uses or application of new technologies
• Consideration or development of new data sources and analytics
• Development of a program of continuing education for directors and executives
• Development of an ongoing ERM education and training for line management
• Considerations of the use of technology and artificial intelligence for enhanced risk monitoring

The above listing is not all inclusive but may be helpful as an organization considers possible next steps in enhancing its ERM processes. The specific steps to be taken must be determined based on the initial steps taken and tailored to the state of maturity and ERM objectives of the specific organization. The critical point, however, is to keep the momentum moving and continuing to evolve, expand, and deepen the organization’s ERM capabilities such that they are tangibly contributing to the organization’s ability to achieve its strategy and business objectives.

20 | Creating and Protecting Value: Understanding and Implementing Enterprise Risk Management
coso.org