Enterprise Risk Management Cycle

Many organizations that had not previously developed a formal ERM program are utilizing the work performed during initial Sarbanes-Oxley compliance as a platform to begin building and implementing such a plan. Ultimately, ERM should be the over-arching program, and all required compliance programs should be integrated into the overall risk management plan (see Figure 3.1).

Exhibit 3.1. Enterprise Risk Management Cycle

A comprehensive ERM program should consist of the following high-level steps: Risk Identification, Risk Analysis/Quantification, Organizational Assessment, and Reporting and Monitoring.

Risk Identification

Checklist: Risk Identification Questions to Consider

What could prevent the organization from achieving its objectives?
Have the following types of risk been taken into account:
  (1) operational risks;
  (2) transactional risks resulting from execution error, product complexity, booking error, settlement error, delivery error/failure, or faulty documentation/contract; and
  (3) operational control risks resulting from exceeding limits, rogue trading, fraud, security breach, dependence on key personnel, and incorrect ...
