COSO ERM Framework
Starting on risk identification
Risk analysis is not a theoretical process, but it can often be critical to an entity's overall success. Different members of the organization at different levels will look at some of the same risks from different viewpoints. The Real SOX risk knowledge base can serve as a basis to better define the specific risks facing various units of an enterprise.
Risk Management Benefits
Management should endeavor to identify all possible risks that may impact the success of the enterprise, ranging from the larger or more significant risks to the overall business down to the minor risks associated with individual projects or smaller business units.
- Guarantee an up-to-date risk analysis, showing the organization's actual risk picture.
- Communicate the risks to information owners, so they can register their acknowledgment about the identified risks and the implemented controls.
- Measure the efficiency of implemented controls over time (to establish a trend line).
- Organize and correlate risks with internal controls.
- Integrate "risk" with "business & process view".
- Create objective evidence of business managers' participation in the risk management process.
- Create a knowledge base regarding process risk and internal controls.
- Demonstrate the impact that follows from risk in order to justify the investments.
- Prove due diligence in risk identification and treatment.
- Minimize the cost to implement and maintain the risk & internal control management process.

