Practice Aid: Enterprise Risk Management: Guidance For Practical Implementation and Assessment, 2018
By AICPA
About this ebook
This publication includes invaluable guidance for anyone responsible for or advising on an enterprise risk management process (ERM), whether the process is in its early stages or is already well established. This resource will help ensure the ERM process is well designed, well executed, and ultimately successful. Global, economic, and regulatory conditions as well as everyday internal risks can affect business operations, so it is important to have a process in place that identifies these events and manages risks. This guide leverages the concepts of existing frameworks as a foundation for providing illustrative examples, best practices, and guidance for implementing or assessing an enterprise risk management process.
Recognition
Assurance Services Executive Committee (2017–2018)
Robert Dohrer, Chair
Bradley Ames
Christine M. Anderson
Nancy Bumgarner
Jim Burton
Mary Grace Davenport
Chris Halterman
Jennifer Haskell
Elaine Howle
Brian Martin
Brad Muniz
Joanna Purtell
Miklos Vasarhelyi
Risk Assurance and Advisory Services Task Force (2013–2014)
Alan Anderson, Co-Chair
Suzanne Christensen, Co-Chair
Aron Dunn
John Farrell
Bailey Jordan
Leslie Murphy
Tom Patterson
Paul Penler
Sallie Jo Perraglia
Dietmar Serbee
Beth A. Schneider
Leslie Thompson
Additional Contributors
Anita Dennis
Enterprise Risk Management: Guidance for Practical Implementation and Assessment
Revision Contributor (2017–2018)
Suzanne Christensen
AICPA Staff
Charles E. Landes
Vice President
Professional Standards Team
Amy Pawlicki
Vice President
Assurance and Advisory Innovation
Ami Beers
Director
Assurance & Advisory Services — Corporate Reporting
Dorothy McQuilken
Senior Manager
Audit Data Analytics and ERM
TABLE OF CONTENTS
Chapter
1 Overview of the Enterprise Risk Management Publication
I. Introduction
II. Who Should Use This Publication
III. Conceptual Basis for This Publication
2 ERM Benefits, Concepts, and Components
I. Benefits of a Successful ERM Program
II. ERM Concepts
Definition of ERM
Risks and Opportunities
Risk in Strategy and Objective-Setting
The Importance of Taking an Enterprise or Portfolio View of Risk
Risk Appetite, Risk Tolerance, and Risk Profile
Risk Inventory
Emerging Risks
Integration and Embeddedness
III. Components of an ERM Program
1.0 Governance and Culture
2.0 Strategy and Objective Setting
3.0 Performance
4.0 Review and Revision
5.0 Information, Communication, and Reporting
3 ERM Roles and Responsibilities
I. Organization Roles
Board or Equivalent Roles
Organization Management
Internal Auditors
II. The Role of External Parties in the ERM Process
4 ERM Program Development
I. Mobilize
Establishing Appropriate Sponsorship and Resourcing
ERM Sponsorship
Commitment of Resources
Establishing Roles and Responsibilities
Program Governance
Planning and Launch for an Initial Program Development Phase
Timeline
II. Current State Analysis
Current State Considerations
Creating an Initial Inventory of Activities and Outcomes and Gathering Documentation
Timeline
III. Future State Operating Model Design
Peer and Industry Analysis
Developing a Target ERM Operating Model and Framework
Developing the ERM Risk Appetite and Risk Tolerances
Linking Current ERM Activities to the ERM Program Plan
Documenting ERM Policies
ERM Program Scalability and Related Considerations
ERM Program Technology Considerations
Timeline
IV. Gap Analysis
Preliminary Observations
Recommendations
Timeline
V. Implementation and Reporting
Developing Implementation Roadmap and Project Plan
Designing Program Performance Measures and Reporting
Communication and Training
Changes to the Implementation Plan
Timeline
5 ERM Program Evaluation and Continuous Improvement
I. ERM Program Evaluation
Approach to an ERM Program Evaluation
II. Continuous Improvement
Approach to Continuous Improvement
Commitment to Continuous Improvement
Glossary of Terms
Appendix A — COSO and ISO 31000 Framework Mapping
Appendix B — Example ERM Program Maturity Self-Assessment
Appendix C — References
EULA
Chapter 1
Overview of the Enterprise Risk Management Publication
I. Introduction
Every organization¹ exists for the purpose of creating value for its stakeholders. To create value, an organization sets objectives, develops strategies and plans for pursuing them, and performs actions. However, strategies, plans, and actions alone do not guarantee a desired outcome. Events and circumstances could affect the execution of these strategies and plans. Management is faced with the challenge of dealing with the uncertainties surrounding the achievement of its objectives. Enterprise risk management (ERM) is a process that enables management to address these uncertainties in a comprehensive, integrated, and organization-wide manner in order to create value. By implementing and maintaining an effective ERM program, management teams and the governing bodies of those organizations can increase their confidence that the organization can be successful in achieving its objectives. Customers, vendors, regulators, rating agencies, and other stakeholders are increasingly interested in understanding an organization’s ERM process and may base decisions regarding their interactions with the organization on the perceived sophistication and effectiveness of the ERM process.
This publication is intended to help those responsible for an ERM program, whether the program is in its early stages or is already well established, to design and operate an effective ERM program.
To begin, it is helpful to understand what an ERM program encompasses and how it is defined. The Committee of Sponsoring Organizations of the Treadway Commission (COSO), in its 2017 Enterprise Risk Management—Integrating with Strategy and Performance publication, defines ERM as follows:
The culture, capabilities, and practices, integrated with strategy-setting and performance, that organizations rely on to manage risk in creating, preserving, and realizing value.
In comparison, the International Standardization Organization (ISO) 31000, Risk Management—Guidelines, defines risk management as “coordinated activities to direct and control an organization with regard to risk” and further explains a risk management process as the “systematic application of policies, procedures and practices to the activities of communicating and consulting, establishing the context and assessing, treating, monitoring, reviewing, recording and reporting risk.”
For the purpose of this publication, an ERM program is defined as an organization’s ERM culture, capabilities, and practices, including its people, structures, governance mechanisms, documents, values and incentives, data, and supporting technologies that allow an organization to operationalize and execute its end-to-end ERM programs. Many organizations are challenged with the initial design and implementation of such an enterprise-wide risk management process and program, and with maintaining and improving them over time so that they continue to operate effectively and add value.
Thus, the purpose of this publication is to leverage these two existing conceptual frameworks and provide practical guidance for designing and implementing a new ERM program along with the policies and procedures that define an entire ERM program, or for assessing and improving an existing program. This publication intends to serve as a bridge