COSO Enterprise Risk Management: Establishing Effective Governance, Risk, and Compliance (GRC) Processes, 2nd Edition

Book description

A fully updated, step-by-step guide for implementing COSO's Enterprise Risk Management

COSO Enterprise Risk Management, Second Edition clearly enables organizations of all types and sizes to understand and better manage their risk environments and make better decisions through use of the COSO ERM framework. The Second Edition discusses the latest trends and pronouncements that have affected COSO ERM and explores new topics, including the PCAOB's release of AS5; ISACA's recently revised CobiT; and the recently released IIA Standards.

  • Offers you expert advice on how to carry out internal control responsibilities more efficiently

  • Updates you on the ins and outs of the COSO Report and its emergence as the new platform for understanding all aspects of risk in today's organization

  • Shows you how an effective risk management program, following COSO ERM, can help your organization to better comply with the Sarbanes-Oxley Act

  • Knowledgeably explains how to implement an effective ERM program

Preparing professionals to develop and follow an effective risk culture, COSO Enterprise Risk Management, Second Edition is the fully revised, invaluable working resource that will show you how to identify risks, avoid pitfalls within your corporation, and keep it moving ahead of the competition.

    Table of contents

    1. Cover
    2. Title Page
    3. Copyright
    4. Dedication
    5. Preface
    6. Chapter 1: Introduction: Enterprise Risk Management Today
      1. The COSO Internal Controls Framework: How Did We Get Here?
      2. The COSO Internal Controls Framework
      3. COSO Internal Controls: The Principal Recognized Internal Controls Standard
      4. An Introduction to COSO ERM
      5. Governance, Risk, and Compliance
      6. Global Computer Products: Our Example Company
    7. Chapter 2: Importance of Governance, Risk, and Compliance Principles
      1. Road to Effective GRC Principles
      2. Importance of GRC Governance
      3. Risk Management Component of GRC
      4. GRC and Enterprise Compliance
      5. Importance of Effective GRC Practices and Principles
    8. Chapter 3: Risk Management Fundamentals
      1. Fundamentals: Risk Management Phases
      2. Other Risk Assessment Techniques
    9. Chapter 4: COSO ERM Framework
      1. ERM Definitions and Objectives: A Portfolio View of Risk
      2. COSO ERM Framework Model
      3. Other Dimensions of the ERM Framework
    10. Chapter 5: Implementing ERM in the Enterprise
      1. Roles and Responsibilities of an Enterprise Risk Management Function
      2. Risk Management Policies, Standards, and Strategies
      3. Business, IT, and Risk Transfer Processes
      4. Risk Management Reviews and Corrective Action Practices
      5. ERM Communications Approaches
      6. CRO and an Effective Enterprise Risk Management Function
    11. Chapter 6: Importance of Strong Enterprise Governance Practices
      1. History and Background of Enterprise Governance: A U.S. Perspective
      2. Enterprise Integrity and Ethical Behavior
      3. Disclosure and Transparency
      4. Rights and Equitable Treatment of Shareholders and Key Stakeholders
      5. Governance Role and Responsibilities of the Board
      6. Governance as a Key Element of GRC
    12. Chapter 7: Enterprise Compliance Issues Today
      1. Compliance Issues Today
      2. Establish a Compliance Assessment Team
      3. Compliance Risk Assessments and Compliance Program Reviews
      4. Work Unit–Level Compliance Tracking and Review Processes
      5. Compliance-Related Procedures and Staff Education Programs
      6. Enterprise Hotline Compliance and Whistleblower Support
      7. Assessing the Overall Enterprise Compliance Program
    13. Chapter 8: Integrating ERM with COSO Internal Controls
      1. COSO Internal Controls Background and Earlier Legislation
      2. Efforts Leading to the Treadway Commission
      3. COSO Internal Controls Framework
      4. COSO Internal Controls and COSO ERM: Compared
    14. Chapter 9: Sarbanes-Oxley and Enterprise Risk Management Concerns
      1. Sarbanes-Oxley Act Background
      2. SOx Legislation Overview
      3. Enterprise Risk Management and SOx Section 404 Reviews
      4. Internal Controls Reporting and Materiality
      5. PCAOB Risk-Based Auditing Standards
      6. Sarbanes-Oxley: The Other Sections
      7. SOx and COSO ERM
    15. Chapter 10: Corporate Culture and Risk Portfolio Management
      1. Whistleblower and Hotline Functions
      2. Risk Portfolio Management
      3. Integrated Enterprise-Wide Risk Management
    16. Chapter 11: OCEG Capability Model GRC Standards
      1. GRC Capability Model “Red Book”
      2. Other OCEG Materials: The “Burgundy Book”
      3. Level and Scope of the OCEG Standards-Setting Authority
    17. Chapter 12: Importance of GRC Principles in the Board Room
      1. Board Decisions and Risk Management
      2. Board Organization and Governance Rules
      3. Corporate Charters and the Board Committee Structure
      4. Audit Committees and Managing Risks
      5. Establishing a Board-Level Risk Committee
      6. Audit and Risk Committee Coordination
      7. COSO ERM and Corporate Governance
    18. Chapter 13: Role of Internal Audit in Enterprise Risk Management
      1. Internal Audit Standards for Evaluating Risk
      2. COSO ERM for More Effective Internal Audit Planning
      3. Risk-Based Internal Audit Findings and Recommendations
      4. COSO ERM and Internal Audit
    19. Chapter 14: Understanding Project Management Risks
      1. Project Management Processes
      2. PMBOK® Guide: A Guide to the Project Management Book of Knowledge
      3. PMBOK® Guide's Project Manager Risk Management Approach
      4. Project-Related Risks: What Can Go Wrong
      5. Implementing ERM for Project Managers
    20. Chapter 15: Information Technology and Enterprise Risk Management
      1. IT and the COSO ERM Framework
      2. IT Application Systems Risks
      3. Effective IT Continuity Planning
      4. Worms, Viruses, and System Network Risks
      5. IT and Effective ERM Processes
    21. Chapter 16: Establishing an Effective GRC Culture throughout the Enterprise
      1. First Steps to Establishing a GRC Culture: An Example
      2. Promoting the Concept of Enterprise Risk
      3. Establishing of Enterprise-Wide Governance Awareness
      4. Enterprise Codes of Conduct
      5. Building a GRC Culture: Risk, Governance, and Compliance Education Programs
      6. Keeping the GRC Culture Current
    22. Chapter 17: ISO 31000 and 38500 Risk Management Worldwide Standards
      1. ISO Standards-Setting Process
      2. Understanding ISO 31000
      3. ISO 38500: The Corporate Governance of IT
      4. Implementing an ISO Standard
    23. Chapter 18: ERM and GRC Principles Going Forward
      1. ERM and GRC for the Internal Controls Professional
      2. COSO's Ongoing Support Role
      3. COSO ERM and GRC Future Prospects
    24. About the Author
    25. Index

    Product information

    • Title: COSO Enterprise Risk Management: Establishing Effective Governance, Risk, and Compliance (GRC) Processes, 2nd Edition
    • Author(s): Robert R. Moeller
    • Release date: September 2011
    • Publisher(s): Wiley
    • ISBN: 9780470912881