Skip to main content

COSO Enterprise Risk Management: Understanding the New Integrated ERM Framework



COSO Enterprise Risk Management: Understanding the New Integrated ERM Framework

Robert R. Moeller

ISBN: 978-0-470-14839-6 July 2007 352 Pages


Praise for COSO Enterprise Risk Management

"COSO ERM is a thoughtful introduction to the challenges of risk management at the enterprise level and contains a wealth of information on dealing with it through the use of the COSO framework. Detailed procedures covering a wide variety of situations are followed by a thorough explanation of how each is deployed. As a project management professional, I appreciate how the author addresses the need for risk management at a project level. His background as someone who 'practices what they preach' and realizes the impact of the Sarbanes-Oxley auditing rules comes through clearly in the book, and it should be mandatory reading for anyone seeking to understand how to tackle their own ERM issues."
--Greg Gomel, PMP, CQM, CSQE, ITIL, Director, Project Management, Insight North America

"This volume clearly and comprehensively outlines the usefulness of COSO Enterprise Risk Management guidance. It should provide considerable benefit to those having governance responsibilities in this important area."
--Curtis Verschoor, L & Q Research Professor, School of Accountancy and MISDePaul University, Chicago

Transform your company's internal control function into a valuable strategic tool

Today's companies are expected to manage a variety of risks that would have been unthinkable a decade ago. More than ever, it is vital to understand the dimensions of risk as well as how to best manage it to gain a competitive advantage.

COSO Enterprise Risk Management clearly enables organizations of all types and sizes to understand and better manage their risk environments and make better decisions through use of the COSO ERM framework.

A pragmatic guide for integrating ERM with COSO internal controls, this important book:

  • Offers you expert advice on how to carry out internal control responsibilities more efficiently
  • Updates you on the ins and outs of the COSO Report and its emergence as the new platform for understanding all aspects of risk in today's organization
  • Shows you how an effective risk management program, following COSO ERM, can help your organization to better comply with the Sarbanes-Oxley Act
  • Knowledgeably explains how to implement an effective ERM program

COSO Enterprise Risk Management is the invaluable working resource that will show you how to identify risks, avoid pitfalls within your corporation, and keep it moving ahead of the competition.


Chapter 1. Importance of Enterprise Risk Management Today.

COSO Risk Management:  How Did We Get Here?.

COSO Internal Controls Framework.

COSO Internal as a Recognized Standard.

Origins of COSO ERM.

Chapter 2. Risk Management Fundamentals.

Fundamentals: Risk Management Phases.

Other Risk Assessment Techniques.

Risk Management Fundamentals Going Forward.

Chapter 3. Components of COSO ERM.

ERM Definitions and Objectives:  A Portfolio View of Risk.

COSO ERM Framework Model.

Other Dimensions of the ERM Framework.

Chapter 4. COSO ERM Organization Objectives.

ERM Risk Objective Categories.

COSO ERM Entity and Unit Level Risks.

Putting It All Together.

Chapter 5. Implementing an Effective ERM Program.

Roles and Responsibilities of an Enterprise Risk Management Function.

ERM Communications Approaches.

CRO and an Effective Enterprise Risk Management Function.

Chapter 6. Integrating ERM with COSO Internal Controls.

COSO Internal Controls: Background and Earlier Legislation.

COSO Internal Control Framework.

COSO Internal Controls and COSO ERM Compared.

Chapter 7. Sarbanes-Oxley and COSO ERM.

Sarbanes-Oxley Background.

SOx Legislation Overview.


Chapter 8. Importance of ERM in the Corporate Board Room.

Board Decisions and Risk Management.

Board Organization and Governance Rules.

Audit Committee and Managing Risks.

Establishing a Board-Level Risk Committee.

Audit and Risk Committee Coordination.

COSO ERM and Corporate Governance.

Chapter 9. Role of Internal Audit in ERM.

Internal Audit Standards for Evaluating Risk.

COSO ERM for More Effective Internal Audit Planning.

Risk-Based Internal Audit Findings and Recommendations.

COSO ERM and Internal Audit.

Chapter 10. Understanding Project Management Risks.

Project Management Process.

Project-Related Risks:  What Can Go Wrong.

Implementing COSO ERM for Project Managers.

Establishing a Program Management Office (PMO).

Chapter 11. Information Technology and ERM.

IT and the COSO ERM Framework.

Application Systems Risks.

Effective IT Continuity Planning Worms, Viruses, And System Network Risks.

IT and Effective ERM Processes.

Chapter 12. Establishing an Effective Risk Culture.

First Steps to Launching the Culture – An Example.

Promoting the Concept of Enterprise Risk.

Building the COSO ERM Culture: Risk-Related Education Programs.

Keeping the Risk Culture Current.

Chapter 13. ERM Worldwide.

ERM "Standards" Versus an ERM Framework.

ERM and ISO.

Convergence Of Risk Management Standards And Practices.

Chapter 14. COSO ERM Going Forward.

Future Prospect for COSO ERM.


Learning More about Risk Management.

ERM: New Professional Opportunities.


"In the book…Robert Moeller aims to help business professionals at all levels-from staff internal auditors to corporate board members-understand risk management and make effective use of the COSO ERM framework. In COSO Moeller identifies the processes and guidance required to become better at evaluating, embracing, and managing business uncertainties and risks in order to protect and enhance enterprise value." (Strategic Finance, June 2009)