A Practical Guide to Risk Management shows organizations how to implement an effective ERM solution, starting with senior management and risk and compliance professionals working together to categorize and assess risks throughout the enterprise. Detailed guidance is provided on the key risk categories, including financial, operational, reputational, and strategic areas, along with practical tips on how to handle risks that overlap across categories.
- Provides high-level guidance on how to implement enterprise risk management across any organization
- Includes discussion of the latest trends and best practices
- Features the role of IT in ERM and the tools that are available in both assessment and on-going compliance
- Discusses the key challenges that need to be overcome for a successful ERM initiative
Walking readers through the creation of ERM architecture and setting up on-going monitoring and assessment processes, this is an essential book for every CFO, controller and IT manager.
Table of Contents
Preface xi
Chapter 1: Overview of Enterprise Risk Management 1
ERM Introduction 1
Guidance: History and Relationship 3
Organization View 5
ERM Today 7
Increased Pressure to Manage Risk 9
Additional evidence 10
Perceived Barriers to Risk Management 11
Building the Business Case for ERM: Value and Benefits 11
Keys to Success 13
Summary 15
Notes 16
Chapter 2: Corporate Governance and Roles and Responsibilities 17
Board Behavior 18
Corporate Culture 19
Roles and Responsibilities 20
Summary 23
Chapter 3: ERM Defined 25
Definitions and Concepts 28
Risk Categories 30
Internal Environment 31
Summary 34
Note 34
Chapter 4: The ERM Process Step by Step 35
Step 1 Strategy and Objective Definition 36
Step 2 Event Identification 38
Step 3 Risk Assessment 40
Step 4 Risk Response 41
Step 5 Communication 45
Step 6 Monitoring 46
Oversight 47
Summary 47
Notes 48
Chapter 5: COSO Framework and Financial Controls 49
Focus on Financial Controls 49
Control Environment 52
Integrity and Ethical Values 53
Board of Directors 55
Management’s Philosophy and Operating Style 57
Organizational Structure 57
Financial Reporting Competencies 58
Authority and Responsibility 59
Human Resources 60
Summary 61
Notes 62
Appendix 5A: Excerpt from a Code of Ethics Policy 63
Our Guiding Principles and Values 64
Conflicts of Interest 64
Confidential Information; Intellectual Property 65
Appendix 5B: Whistleblower Program 67
Reports Regarding Accounting Matters 67
Investigation of Suspected Violations 68
Discipline for Violations 68
Appendix 5C: Approval Policy and Procedures 69
Policy 69
Purpose 69
Scope 69
Approvals/Documentation 70
Chapter 6: Financial Controls and Risk Assessment 74
Risk Assessment 74
Financial Reporting Objectives 75
Financial Reporting Risks 76
Fraud Risk 77
Entity-Level Controls 83
Example: Risk Assessment and Financial Controls 84
Evaluating Deficiencies 86
Summary 87
Notes 87
Appendix 6A: Entity-Level Control Assessment 88
Control Assessment Overview 88
Control Environment 90
Overall Evaluation of Control Environment 95
Risk Assessment 96
Overall Evaluation of Risk Assessment 98
Control Activities 99
Overall Evaluation of Control Activities 100
Information and Communication 101
Overall Evaluation of Information and Communication 104
Monitoring 105
Overall Evaluation of Monitoring 108
Summary Assessment 109
Overall Assessment of Internal Controls 110
Appendix 6B: Accounts Payable Preliminary Controls Assessment Questionnaire 111
Purchasing Controls Questionnaire 111
Internal Control Assessment 112
Appendix 6C: Fraud Risk Factors: AU Section 316 114
Risk Factors Relating to Misstatements Arising from Fraudulent Financial Reporting 114
Chapter 7: Ongoing Compliance Overview 120
Origin of the Sarbanes-Oxley Act 120
Generating Value from Compliance 121
Moving Beyond Initial Compliance 123
Reevaluating the Compliance Program 125
Summary 131
Chapter 8: Ongoing Compliance Challenges 132
Future State Opportunity: Compliance Optimization 133
Issues to Consider When Optimizing Compliance 136
Ongoing Compliance Plan 138
Role of Internal Audit: Balancing the Compliance and Audit Functions 143
Evolving Role of the Audit Committee 145
Summary 148
Chapter 9: Addressing Compliance and Risk Management Challenges through Automation 149
Software Can Add Value Beyond Compliance 151
Monitoring Software 152
Utilization of Continuous Monitoring: Control Testing and Control Automation 153
Benefits of Continuous Monitoring 154
Continuous Monitoring Tool Considerations 155
Continuous Monitoring Process 155
Risk Management Software 157
Unifying Financial Statements, Close Tasks, and SOX Controls 159
Determining the Right Solution 159
Summary 161
Note 161
Chapter 10: Ongoing Compliance and IFRS 162
International Financial Reporting Standards 162
Communicating the Impact 164
Preparing for IFRS 166
Comprehensive IFRS Transition Approach 167
Key Elements of an Effective IFRS Implementation 170
Summary 172
About the Author 173
Index 175