EBI Publications

While there are many other different definitions of enterprise risk management, many organizations have standardized on the definition outlined in COSO's (Committee of Sponsoring Organizations of the Treadway Commission) Enterprise Risk Management — Integrated Framework, published in 2004. Enterprise risk management is defined by COSO as a process designed to: identify potential events that may affect the organization, manage risk to be within the organization's risk appetite, and provide reasonable assurance regarding the achievement of the organization's objectives. These objectives are set forth in four categories:

• Strategic – high-level goals, aligned with and supporting its mission
• Operational – effective and efficient use of its resources
• Reporting – reliability of reporting
• Compliance – compliance with applicable laws and regulations

Furthermore, the COSO definition outlines eight interrelated components of enterprise risk management, which constitute the ERM framework:

- Internal Environment: encompasses the tone of the organization, its risk management philosophy and risk appetite, its integrity and ethical values, and the environment in which it operates.
- Objective Setting: ensures that the process of setting objectives supports the organization's mission and aligns with its risk appetite.
- Event Identification: identifies the internal and external events that affect the organization's objectives, thereby identifying both risks and opportunities.
- Risk Assessment: analyzes the probabilities of risks and their impacts in order to decide how to manage them. Risks are assessed on both an inherent and a residual basis.