Robert R. Moeller

COSO Enterprise Risk Management (eBook, PDF)

Establishing Effective Governance, Risk, and Compliance Processes

• Format: PDF

Produktbeschreibung

A fully updated, step-by-step guide for implementing COSO's Enterprise Risk Management COSO Enterprise Risk Management, Second Edition clearly enables organizations of all types and sizes to understand and better manage their risk environments and make better decisions through use of the COSO ERM framework. The Second Edition discusses the latest trends and pronouncements that have affected COSO ERM and explores new topics, including the PCAOB's release of AS5; ISACA's recently revised CobiT; and the recently released IIA Standards. * Offers you expert advice on how to carry out internal control responsibilities more efficiently * Updates you on the ins and outs of the COSO Report and its emergence as the new platform for understanding all aspects of risk in today's organization * Shows you how an effective risk management program, following COSO ERM, can help your organization to better comply with the Sarbanes-Oxley Act * Knowledgeably explains how to implement an effective ERM program Preparing professionals develop and follow an effective risk culture, COSO Enterprise Risk Management, Second Edition is the fully revised, invaluable working resource that will show you how to identify risks, avoid pitfalls within your corporation, and keep it moving ahead of the competition.

---

Dieser Download kann aus rechtlichen Gründen nur mit Rechnungsadresse in A, B, BG, CY, CZ, D, DK, EW, E, FIN, F, GR, HR, H, IRL, I, LT, L, LR, M, NL, PL, P, R, S, SLO, SK ausgeliefert werden.

Produktdetails

• Verlag: John Wiley & Sons
• Seitenzahl: 384
• Erscheinungstermin: 26. Juli 2011
• Englisch
• ISBN-13: 9781118102527
• Artikelnr.: 37344675

Autorenporträt

ROBERT R. MOELLER, CPA, CISA, CISSP, is an internal audit specialist and project manager with a strong understanding of business risk management, information systems, corporate governance, and security. He has over twenty-five years of experience in internal auditing, ranging from launching new internal audit functions in several companies to serving as audit director for a Fortune 50 corporation. Formerly national director of computer auditing at Grant Thornton and internal audit director at Sears Roebuck, he is the author of six books published by Wiley. He is the former president of the Institute of Internal Auditors' Chicago chapter and the former chair of the AICPA's Computer Audit Subcommittee.

Inhaltsangabe

Preface xi Chapter 1: Introduction: Enterprise Risk Management Today 1 The
COSO Internal Controls Framework: How Did We Get Here? 2 The COSO Internal
Controls Framework 3 COSO Internal Controls: The Principal Recognized
Internal Controls Standard 14 An Introduction to COSO ERM 14 Governance,
Risk, and Compliance 15 Global Computer Products: Our Example Company 16
Chapter 2: Importance of Governance, Risk, and Compliance Principles 21
Road to Effective GRC Principles 22 Importance of GRC Governance 23 Risk
Management Component of GRC 25 GRC and Enterprise Compliance 26 Importance
of Effective GRC Practices and Principles 28 Chapter 3: Risk Management
Fundamentals 31 Fundamentals: Risk Management Phases 32 Other Risk
Assessment Techniques 45 Chapter 4: COSO ERM Framework 51 ERM Definitions
and Objectives: A Portfolio View of Risk 51 COSO ERM Framework Model 55
Other Dimensions of the ERM Framework 86 Chapter 5: Implementing ERM in the
Enterprise 89 Roles and Responsibilities of an Enterprise Risk Management
Function 90 Risk Management Policies, Standards, and Strategies 100
Business, IT, and Risk Transfer Processes 105 Risk Management Reviews and
Corrective Action Practices 108 ERM Communications Approaches 112 CRO and
an Effective Enterprise Risk Management Function 113 Chapter 6: Importance
of Strong Enterprise Governance Practices 115 History and Background of
Enterprise Governance: A U.S. Perspective 116 Enterprise Integrity and
Ethical Behavior 119 Disclosure and Transparency 125 Rights and Equitable
Treatment of Shareholders and Key Stakeholders 126 Governance Role and
Responsibilities of the Board 128 Governance as a Key Element of GRC 128
Chapter 7: Enterprise Compliance Issues Today 131 Compliance Issues Today
132 Establish a Compliance Assessment Team 133 Compliance Risk Assessments
and Compliance Program Reviews 136 Work Unit-Level Compliance Tracking and
Review Processes 138 Compliance-Related Procedures and Staff Education
Programs 141 Enterprise Hotline Compliance and Whistleblower Support 142
Assessing the Overall Enterprise Compliance Program 144 Chapter 8:
Integrating ERM with COSO Internal Controls 147 COSO Internal Controls
Background and Earlier Legislation 147 Efforts Leading to the Treadway
Commission 151 COSO Internal Controls Framework 156 COSO Internal Controls
and COSO ERM: Compared 174 Chapter 9: Sarbanes-Oxley and Enterprise Risk
Management Concerns 177 Sarbanes-Oxley Act Background 177 SOx Legislation
Overview 179 Enterprise Risk Management and SOx Section 404 Reviews 193
Internal Controls Reporting and Materiality 198 PCAOB Risk-Based Auditing
Standards 199 Sarbanes-Oxley: The Other Sections 200 SOx and COSO ERM 201
Chapter 10: Corporate Culture and Risk Portfolio Management 203
Whistleblower and Hotline Functions 204 Risk Portfolio Management 208
Integrated Enterprise-Wide Risk Management 211 Chapter 11: OCEG Capability
Model GRC Standards 215 GRC Capability Model ''Red Book'' 215 Other OCEG
Materials: The ''Burgundy Book'' 223 Level and Scope of the OCEG
Standards-Setting Authority 224 Chapter 12: Importance of GRC Principles in
the Board Room 225 Board Decisions and Risk Management 226 Board
Organization and Governance Rules 230 Corporate Charters and the Board
Committee Structure 231 Audit Committees and Managing Risks 235
Establishing a Board-Level Risk Committee 238 Audit and Risk Committee
Coordination 244 COSO ERM and Corporate Governance 245 Chapter 13: Role of
Internal Audit in Enterprise Risk Management 247 Internal Audit Standards
for Evaluating Risk 248 COSO ERM for More Effective Internal Audit Planning
251 Risk-Based Internal Audit Findings and Recommendations 264 COSO ERM and
Internal Audit 265 Chapter 14: Understanding Project Management Risks 267
Project Management Process 268 PMBOK1 Guide: A Guide to the Project
Management Book of Knowledge 269 PMBOK1 Guide's Project Manager Risk
Management Approach 272 Project-Related Risks: What Can Go Wrong 282
Implementing ERM for Project Managers 285 Chapter 15: Information
Technology and Enterprise Risk Management 291 IT and the COSO ERM Framework
292 IT Application Systems Risks 294 Effective IT Continuity Planning 302
Worms, Viruses, and System Network Risks 307 IT and Effective ERM Processes
309 Chapter 16: Establishing an Effective GRC Culture throughout the
Enterprise 311 First Steps to Establishing a GRC Culture: An Example 312
Promoting the Concept of Enterprise Risk 314 Establishing of
Enterprise-Wide Governance Awareness 319 Enterprise Codes of Conduct 323
Building a GRC Culture: Risk, Governance, and Compliance Education Programs
326 Keeping the GRC Culture Current 327 Chapter 17: ISO 31000 and 38500
Risk Management Worldwide Standards 331 ISO Standards-Setting Process 332
Understanding ISO 31000 334 ISO 38500: The Corporate Governance of IT 337
Implementing an ISO Standard 340 Chapter 18: ERM and GRC Principles Going
Forward 343 ERM and GRC for the Internal Controls Professional 344 COSO's
Ongoing Support Role 347 COSO ERM and GRC Future Prospects 348 About the
Author 351 Index 353