
Enterprise Risk Management Best Practices: From Assessment to Ongoing Compliance


Anne M. Marchetti

ISBN: 978-1-118-14953-9 August 2011 192 Pages
High-level guidance for implementing enterprise risk management in any organization

A Practical Guide to Risk Management shows organizations how to implement an effective ERM solution, starting with senior management and risk and compliance professionals working together to categorize and assess risks throughout the enterprise. Detailed guidance is provided on the key risk categories, including financial, operational, reputational, and strategic areas, along with practical tips on how to handle risks that overlap across categories.

  • Provides high-level guidance on how to implement enterprise risk management across any organization
  • Includes discussion of the latest trends and best practices
  • Features the role of IT in ERM and the tools that are available in both assessment and ongoing compliance
  • Discusses the key challenges that need to be overcome for a successful ERM initiative

Walking readers through the creation of ERM architecture and setting up ongoing monitoring and assessment processes, this is an essential book for every CFO, controller and IT manager.

Preface xi

Chapter 1: Overview of Enterprise Risk Management 1

ERM Introduction 1

Guidance: History and Relationship 3

Organization View 5

ERM Today 7

Increased Pressure to Manage Risk 9

Additional Evidence 10

Perceived Barriers to Risk Management 11

Building the Business Case for ERM: Value and Benefits 11

Keys to Success 13

Summary 15

Notes 16

Chapter 2: Corporate Governance and Roles and Responsibilities 17

Board Behavior 18

Corporate Culture 19

Roles and Responsibilities 20

Summary 23

Chapter 3: ERM Defined 25

Definitions and Concepts 28

Risk Categories 30

Internal Environment 31

Summary 34

Note 34

Chapter 4: The ERM Process Step by Step 35

Step 1 Strategy and Objective Definition 36

Step 2 Event Identification 38

Step 3 Risk Assessment 40

Step 4 Risk Response 41

Step 5 Communication 45

Step 6 Monitoring 46

Oversight 47

Summary 47

Notes 48

Chapter 5: COSO Framework and Financial Controls 49

Focus on Financial Controls 49

Control Environment 52

Integrity and Ethical Values 53

Board of Directors 55

Management’s Philosophy and Operating Style 57

Organizational Structure 57

Financial Reporting Competencies 58

Authority and Responsibility 59

Human Resources 60

Summary 61

Notes 62

Appendix 5A: Excerpt from a Code of Ethics Policy 63

Our Guiding Principles and Values 64

Conflicts of Interest 64

Confidential Information; Intellectual Property 65

Appendix 5B: Whistleblower Program 67

Reports Regarding Accounting Matters 67

Investigation of Suspected Violations 68

Discipline for Violations 68

Appendix 5C: Approval Policy and Procedures 69

Policy 69

Purpose 69

Scope 69

Approvals/Documentation 70

Chapter 6: Financial Controls and Risk Assessment 74

Risk Assessment 74

Financial Reporting Objectives 75

Financial Reporting Risks 76

Fraud Risk 77

Entity-Level Controls 83

Example: Risk Assessment and Financial Controls 84

Evaluating Deficiencies 86

Summary 87

Notes 87

Appendix 6A: Entity-Level Control Assessment 88

Control Assessment Overview 88

Control Environment 90

Overall Evaluation of Control Environment 95

Risk Assessment 96

Overall Evaluation of Risk Assessment 98

Control Activities 99

Overall Evaluation of Control Activities 100

Information and Communication 101

Overall Evaluation of Information and Communication 104

Monitoring 105

Overall Evaluation of Monitoring 108

Summary Assessment 109

Overall Assessment of Internal Controls 110

Appendix 6B: Accounts Payable Preliminary Controls Assessment Questionnaire 111

Purchasing Controls Questionnaire 111

Internal Control Assessment 112

Appendix 6C: Fraud Risk Factors: AU Section 316 114

Risk Factors Relating to Misstatements Arising from Fraudulent Financial Reporting 114

Chapter 7: Ongoing Compliance Overview 120

Origin of the Sarbanes-Oxley Act 120

Generating Value from Compliance 121

Moving Beyond Initial Compliance 123

Reevaluating the Compliance Program 125

Summary 131

Chapter 8: Ongoing Compliance Challenges 132

Future State Opportunity: Compliance Optimization 133

Issues to Consider When Optimizing Compliance 136

Ongoing Compliance Plan 138

Role of Internal Audit: Balancing the Compliance and Audit Functions 143

Evolving Role of the Audit Committee 145

Summary 148

Chapter 9: Addressing Compliance and Risk Management Challenges through Automation 149

Software Can Add Value Beyond Compliance 151

Monitoring Software 152

Utilization of Continuous Monitoring: Control Testing and Control Automation 153

Benefits of Continuous Monitoring 154

Continuous Monitoring Tool Considerations 155

Continuous Monitoring Process 155

Risk Management Software 157

Unifying Financial Statements, Close Tasks, and SOX Controls 159

Determining the Right Solution 159

Summary 161

Note 161

Chapter 10: Ongoing Compliance and IFRS 162

International Financial Reporting Standards 162

Communicating the Impact 164

Preparing for IFRS 166

Comprehensive IFRS Transition Approach 167

Key Elements of an Effective IFRS Implementation 170

Summary 172

About the Author 173

Index 175