The COSO cube helps us look at the entire enterprise risk management model of the organization and focus on the individual parts. Enterprise risk management (ERM) is the process of planning, organizing, leading and controlling an organization's activities to minimize the effects of risk on our capital and earnings. In other words, enterprise risk management is a way to chart a path and use tools and techniques to stay on that path. Even though the COSO guidelines are not mandatory, they are nevertheless very influential and offer many great benefits as risk management and internal control systems can be evaluated and improved. At the top of the cube are objectives such as our strategic objectives, operational objectives, financial reporting and our compliance objectives. Say no to plagiarism. Get a tailor-made essay on "Why Violent Video Games Shouldn't Be Banned"? Get an original essay The importance of financial reporting and compliance reflects the legacy and context in which the frameworks were created. A series of banks and Enron WorldCom have placed these problems in the public and not just in the corporate consciousness. At the front of the cube we have eight components needed to reach the goals from the top of the cube. The third and final dimension of the cube cuts the organization into different levels, to focus on each part of the organization as well as the whole and to emphasize that each component applies from the global board down to the operating units. At the front of the third dimension we have the entity that represents the entire organization within itself which divides it into each division, business unit and subsidiaries. Internal Environment Of the top slice on the front of the cube we have our first component, the internal environment. It is about how setting the tone of the organization influences risk appetite towards attitudes towards risk management and ethical values. Ultimately, the tone of the company is set by the board, a board without technical knowledge or diversity of experience or an independent voice is unlikely to set the right tone, the work done by directors on board committees can make a significant contribution also to the tone of the audit and risk committees. they have an important role to play here. Returning to the levels of our organization, it is important to remember the importance that control mechanisms at the division and business unit level only work if managed correctly. Management tolerates staff ignoring controls or an emphasis on outcomes over outcomes and responsible risk management – our recipes for failure. Goal Setting The organization should have a clear vision and the board sets goals that support that vision. The vision and objectives should be consistent with your risk appetite for the board to set objectives effectively; must be aware of the risks arising from raising different objectives to our problems. The board must also consider risk appetite and have a high-level view of how much risk it is willing to accept; As part of this process, the Board will consider a tolerance that represents the acceptable variation around individual goals. Goals should ripple through the organization, to business divisions and the subsidiary level, leading back to the corporate vision. Identification of events The organization must identify internal and external events that influence the.
tags