COSO enterprise risk management : understanding the new integrated ERM framework / Robert R. Moeller

Includes bibliographical references and index

-- Importance of enterprise risk management today -- COSO risk management: how did we get here? -- COSO internal control framework -- COSO internal control framework as a recognized standard -- Origins of COSO ERM -- Risk management fundamentals -- Fundamentals: risk management phases -- Other risk assessment techniques -- Risk management fundamentals going forward -- Components of COSO ERM -- ERM definitions and objectives: a portfolio view of risk -- COSO ERM framework model -- Other dimensions of the ERM framework -- COSO ERM organizational objectives -- ERM risk objective categories -- COSO ERM entity- and unit-level risks -- Putting it all together -- Implementing an effective ERM program -- Roles and responsibilities of an ERM function -- ERM communications approaches -- Cro and an effective enterprise risk management function -- Integrating ERM with COSO internal controls -- Coso internal controls: background and earlier legislation -- COSO internal control framework -- COSO internal controls and COSO ERM compared -- Sarbanes-Oxley and COSO ERM -- Sarbanes-Oxley background -- Sox legislation overview -- Sox and COSO ERM -- Importance of ERM in the corporate board room -- Board decisions and risk management -- Board organization and governance rules -- Audit committee and managing risks -- Establishing a board-level risk committee -- Audit and risk committee coordination -- COSO ERM and corporate governance -- Role of internal audit in ERM -- Internal audit standards for evaluating risk -- COSO ERM for more effective internal audit planning -- Risk-based internal audit findings and recommendations -- COSO ERM and internal audit -- Understanding project management risks -- Project management process -- Project-related risks: what can go wrong -- Implementing COSO ERM for project managers -- Establishing a program management office (PMO) -- Information technology and ERM -- IT and the COSO ERM framework -- Application systems risks -- Effective IT continuity planning worms, viruses, and system network risks -- IT and effective ERM processes -- Establishing an effective risk culture -- First steps to launching the culture : an example -- Promoting the concept of enterprise risk -- Building the COSO ERM culture: risk-related education programs -- Keeping the risk culture current -- ERM worldwide -- ERM "standards" versus an ERM framework -- ERM and ISO -- Convergence of risk management standards and practices -- COSO ERM going forward -- Future prospect for COSO ERM -- COSO ERM and ISO -- Learning more about risk management -- ERM: new professional opportunities