COSO ERM framework

Solution Preview

Discuss the COSO ERM framework, and how it includes and expands on the internal controls required by Sarbanes-Oxley Act.

Several recent highprofile business scandals and failures have caused investors, politicians, and
businesses to demand enhanced corporate governance and risk management techniques. This
demand is seen most clearly in the SarbanesOxley Act of 2002. Public companies are now
required to test and certify their internal controls over financial reporting.

COSO's ERM is a relatively new management technique and differs across companies and industries. The goal of the ERM
framework is to provide companies with key principles and concepts, a common language, and clear direction and guidance regarding the management enterprise risks. Additionally, companies may look to this ERM framework both to satisfy their internal control needs and move toward a fuller risk management process. This ERM framework incorporates adequate
financial internal controls as a component of enterprise risk management.

"ERM is a process, effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives."
ERM is based on the premise that every entity exists to provide value for its stakeholders. Basic business principles suggest that the greater the risk associated with a decision, the greater the potential return that ...