Auditing the Enterprise Risk Management (ERM) Process

Who will benefit from this course?

Audit Directors and Managers, Risk Officers, Internal and External Auditors, Information Technology Auditors, and Operations Managers.

Course Objectives

Upon completion of this course, participants will:

• Understand the basic elements of the entire ERM process, including governance, execution, and reporting.
• Define common ERM vocabulary and terminology.
• Understand how the ERM process should be linked to the organization's strategy.
• Apply the ERM framework principles and develop auditing procedures to assess the effectiveness of an organization's ERM process.
• Identify the differences between the two of the most used ERM frameworks, COSO and ISO

Course Topics

1. Enterprise Risk Management (ERM)

• Overview
• Risk Appetite
• ERM Governance
• Internal Audit’s Role and Responsibilities
• Black Swans
• ERM Effectiveness
• ERM Metrics
• ERM and Strategy

2. COSO Principles

• Overview
• COSO Principle 1: Exercises Board Oversight
• COSO Principle 2: Establishes Operating Structures
• COSO Principle 3: Defines Desired Culture
• COSO Principle 4: Demonstrates Commitment to Core Values
• COSO Principle 5: Attracts, Develops and Retains Capable Individuals
• COSO Principle 6: Analyzes Business Context
• COSO Principle 7: Defines Risk Appetite
• COSO Principle 8: Evaluates Alternative Strategies
• COSO Principle 9: Formulates Business Objectives
• COSO Principle 10: Identifies Risk
• COSO Principle 11: Assesses Severity of Risk
• COSO Principle 12: Prioritizes Risk
• COSO Principle 13: Implements Risk Responses
• COSO Principle 14: Develops Portfolio View
• COSO Principle 15: Assesses Substantial Change
• COSO Principle 16: Reviews Risk and Performance
• COSO Principle 17: Pursues Improvement to ERM
• COSO Principle 18: Leverages Information Systems
• COSO Principle 19: Communicates Risk Information
• COSO Principle 20: Reports on Risk, Culture, and Performance

3. Reports

• Types of Reporting