Skip to main content

Enterprise Risk Management Best Practices: From Assessment to Ongoing Compliance

Enterprise Risk Management Best Practices: From Assessment to Ongoing Compliance

Anne M. Marchetti

ISBN: 978-1-118-38669-9

Mar 2012

192 pages


High-level guidance for implementing enterprise risk management in any organization

A Practical Guide to Risk Management shows organizations how to implement an effective ERM solution, starting with senior management and risk and compliance professionals working together to categorize and assess risks throughout the enterprise. Detailed guidance is provided on the key risk categories, including financial, operational, reputational, and strategic areas, along with practical tips on how to handle risks that overlap across categories.

  • Provides high-level guidance on how to implement enterprise risk management across any organization
  • Includes discussion of the latest trends and best practices
  • Features the role of IT in ERM and the tools that are available in both assessment and on-going compliance
  • Discusses the key challenges that need to be overcome for a successful ERM initiative

Walking readers through the creation of ERM architecture and setting up on-going monitoring and assessement processes, this is an essential book for every CFO, controller and IT manager.


Chapter 1: Enterprise Risk Management Overview.

ERM Introduction.

Guidance: History and Relationship.

Organization View.

ERM Today.

Increased Pressure to Manage Risk.

Additional Evidence.

Perceived Barriers to Risk Management.

Building the Business Case for ERM: Value and Benefits.

Keys to Success.


Chapter 2: Corporate Governance and Roles and Responsibilities.

Board Behavior.

Corporate Culture.

Roles and Responsibilities.


Chapter 3: ERM Defined.

Definitions and Concepts

Risk Categories.

The Internal Environment.



Chapter 4: The ERM Process: Step by Step.

Step 1: Strategy and Objective Definition.

Step 2: Event Identification.

Step 3: Risk Assessment.

Step 4: Risk Response.

Step 5: Communication.

Step 6: Monitoring.




Chapter 5: COSO Framework and Financial Controls.

Focus on Financial Controls.

Control Environment.

Integrity and Ethical Values.

Board of Directors.

Management's Philosophy and Operating Style.

Organizational Structure.

Financial Reporting Competencies.

Authority and Responsibility.

Human Resources.



Appendix 5A: Whistleblower Program.

Reports Regarding Accounting Matters.

Investigation of Suspected Violations.

Discipline for Violations.

Appendix 5B: Excerpt from a Code of Ethics Policy.

1.0 Our Guiding Principles and Values.

2.0 Conflicts of Interest.

3.0 Confidential Information; Intellectual Property.

Appendix 5C: Approval Policy and Procedures.





Chapter 6: Financial Controls and Risk Assessment.

Risk Assessment.

Financial Reporting Objectives.

Financial Reporting Risks.

Fraud Risk.

Entity-Level Controls.

Example: Risk Assessment and Financial Controls.

Evaluating Deficiencies.



Appendix 6A: Entity Level Control Assessment.

Control Assessment Overview.

Control Environment.

Overall Evaluation of Control Environment.

Risk Assessment.

Overall Evaluation of Risk Assessment.

Control Activities.

Overall Evaluation of Control Activities.

Information and Communication.

Overall Evaluation of Information and Communication.


Overall Evaluation of Monitoring.

Summary Assessment.

Overall Assessment of Internal Controls.

Appendix 6B: Accounts Payable: Preliminary Controls Assessment Questionnaire.

Purchasing Controls Questionnaire.

Internal Control Assessment.

Appendix 6C: Fraud Risk Factors: AU Section 316.

Risk Factors Relating to Misstatements Arising from Fraudulent Financial Reporting.

Chapter 7: Ongoing Compliance Overview.

Origin of Sarbanes-Oxley Act.

Generating Value from Compliance.

Moving beyond Initial Compliance.

Reevaluating the Compliance Program.


Chapter 8: Ongoing Compliance Challenges.

Future State Opportunity: Compliance Optimization.

Issues to Consider When Optimizing Compliance.

Ongoing Compliance Plan.

Role of Internal Audit: Balancing the Compliance and Audit Functions.

The Evolving Role of the Audit Committee.


Chapter 9: Addressing Compliance and Risk Management Challenges through Automation.

Software Can Add Value beyond Compliance.

Monitoring Software.

Utilization of Continuous Monitoring: Control Testing and Control Automation.

Benefits of Continuous Monitoring.

Continuous Monitoring Tool Considerations.

Continuous Monitoring Process.

Risk Management Software.

Unifying Financial Statements, Close Tasks, and SOX Controls.

Determining the Right Solution.



Chapter 10: Ongoing Compliance and IFRS

International Financial Reporting Standards.

Communicating the Impact.

Preparing for International Financial Reporting Standards.

Comprehensive IFRS Transition Approach.

Key Elements of an Effective IFRS Implementation.


About the Author.