User:FSoltek/sandbox

Components of ERM
COSO, the Committee of Sponsoring Organizations of the Treadway Commission, used the concept of Enterprise Risk Management for the first time. In this context, it published the Enterprise Risk Management—Integrated Framework in 2004. Over the past years the complexity of risk has changed and new risks have emerged, which is why COSO published the updated ERM framework in 2017. This framework includes five interrelated components, which are found in most ERM frameworks.

Governance and Culture establishes organizational processes and defines desired cultures to measure and manage risk across the company. The result is top-down risk management.

Strategy and Objective-Setting formulates business objectives which put strategy into practice. The business objectives are a basis for identifying, assessing, and responding to risk. Also, Strategy and Objective-Setting analyzes business context, defines risk appetite and evaluates alternative strategies.

Performance identifies risks that may impact the achievement of strategy and business objectives, assesses their severity, and prioritizes them. Later, the company selects risk responses and develops a portfolio view. In the last step, the results are reported to key risk stakeholders.

Review and Revision considers how well the enterprise risk management components are functioning over time. It also reviews risk and performance and, if necessary, improves the company and its risk management.

Information, Communication, and Reporting communicates risk information and creates reports on risk, culture, and performance for the company's key stakeholders.