ERM: A Tool for Risk-Informed Strategic Planning and Decision Making

Étiquettes

COSO, COSO ERM, décision, ERM, framework, planning, Protiviti, risks, strategic, strategic planning, strategy, tool, value

At the end of last year, Protiviti conducted a webinar, Deriving Value from the Updated COSO ERM Framework. I had the pleasure of hosting the webinar, along with my colleagues: Dolores Atallo, a Managing Director in the Risk and Compliance practice, Jim DeLoach, Managing Director and member of the COSO Advisory Council (and host of this blog), and Bob Hirth, Senior Managing Director and COSO Chairman and member of the Sustainability Accounting Standards Board.

I want to take the opportunity in this post to address some of the more fundamental questions about enterprise risk management (ERM) generally – questions our audience was also interested in.

What are some of the expectations of ERM in the global marketplace?

Source : Emma Marcandalli, Managing DirectorRisk and Compliance, Protiviti – Italy  http://blog.protiviti.com/2018/01/19/erm-tool-risk-informed-strategic-planning-decision-making/

 

You can also read :

IMPLANTER UNE VERITABLE CULTURE DU RISQUE AU SEIN DES ENTITES !

La gestion des risques doit aussi permettre la création de valeur 

How good is your chief risk officer ? — Norman Marks on Governance, Risk Management, and Audit

A conversation about risk with a CEO — Norman Marks on Governance, Risk Management, and Audit

COSO proposes update to enterprise risk management framework

Comment bien faire part de vos commentaires sur le projet de ERM COSO ?

Étiquettes

audit, comments, COSO, COSO2, COSO3, discuss, draft, ERM, framework, IIA, internal audit, internal control, internal control framework, risk-management, risk-manager, risks, update

Last July, I submitted written comments and suggestions to COSO on the draft of the ERM framework update. In this post, I remind you of those comments and discuss (see Comment) how well they have been addressed in the final edition. (At the time, I discussed them with several people involved in the update, who […]

Lire la suite →

COSO proposes update to enterprise risk management framework

Étiquettes

alignment, capabilities, COSO, COSO cube, culture, entreprise, entreprise risk management, ERM, framework, integration, internal control framework, performance, practices, strategy, update

Principal object : the alignment of risk, strategy, and performance.

Illustration : introduced an update to the “COSO cube,”

Changes that reflect the evolution of thinking and practices related to enterprise risk management (ERM) are among the most significant updates proposed to a new integrated framework devoted to ERM. The Committee of Sponsoring Organizations of the Treadway Commission (COSO) will issue an exposure draft Wednesday and seeks public comment. The update, Enterprise Risk Management—Aligning Risk With Strategy and Performance, provides additional clarity on concepts introduced in the 2004 framework. Those updates are in response to growing complexity and speed of risk over the past decade. “Risk cannot be viewed as a potential constraint or challenge to executing a strategy,” COSO Chairman Robert Hirth said in a news release. “Rather, how an organization copes with risk offers strategic opportunities. This update answers the call for improved culture, capabilities, and practices integrated with strategy setting and its execution.”

The updated framework proposes:

… Lire la suite →

Scoping a Cybersecurity Program

Étiquettes

archieving, core, cybersecurity, framework, framework core, holistic, implementing, NIST, organization, process, program, security, standard, standard approach

The US National Institute of Standards and Technology (NIST) released the Framework for Improving Critical Infrastructure Cybersecurity (the Cybersecurity Framework) on 12 February 2014. The Cybersecurity Framework establishes a common language for describing a cybersecurity program. It enables organizations of all sizes share information on cybersecurity objectives and activities. Organizations can leverage industry standards for achieving the cybersecurity objectives outlined in the Framework as they implement it. However, many organizations struggle with developing or improving their cybersecurity program simply because they are not sure where or how to start. Leveraging the Cybersecurity Framework can help organizations understand where to start, how to establish goals for their cybersecurity programs, and share lessons learned within their organizations and with others implementing the Framework.

The Cybersecurity Framework provides a standard approach for framing a cybersecurity program. The Cybersecurity Framework includes 3 primary components: the Framework core, profiles and implementation tiers. The Framework core identifies a hierarchy of cybersecurity considerations for organizations to address when implementing a cybersecurity program. Lire la suite →

Are You Ready? Implementing COSO’s Updated Internal Controls Framework

Étiquettes

COSO, COSO3, framework, internal control, internal control framework

Join this webcast featuring senior-level financial executives with deep knowledge of the updated internal control framework released by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Hear first-hand how Pfizer, Raytheon and Dow have implemented the updated framework (which will supersede COSO’s original 1992 guidelines at the end of this year).

COSO Implementation: Getting Real, Getting It Right from BlackLine

(Published on Jul 24, 2014)