The study from which the control fr

The study from which the control framework was derived trok 3 years and involved hundreds of people and tens of thousands of hours of research, diamion, analysis and due process, coso's internal control model has five crucial comp which are summarized in Table 6-1 and discussed ge ter depth later in the chapter. These five in components are a a part of Coso's newer Enterprise Rik Manaar ment framework coso's Enterprise Risk Management Framework Nine years after coso issued the control framework it began investigating how to effectively identify, assess, and manage nsk so organizatins could improve the risk management process. The result was an enhanced corporate governance document, called Enterprise Risk Management-Integrated Framework ERM) ERM expands on the elements of the internal control integrated framework and provides an all-encompassing focus on the broader subject of enterprise risk management. The intent is to achieve all the goals of the control framework and help the organization to: Provide reasonable assurance that company objectives and goals are achieved and problems and surprises are minimized Achieve its financial and performance targets Assess risks continuously and identify the steps to take and the resources to allocate to overcome or mitigate risk Avoid adverse publicity and damage to the entity's reputation The ERM framework defines enterprise risk management as "a process affected by an entity's board of directors, management and other personnel, applied in stategy set- ting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives" The basic principles behind enterprise risk management zre: Companies are formed to create value for their ownen. Company management must decide how much uncertainty it will accept as it creates value.
Table 6-1 Five Interrelated Components Coso's Internal Control of Model Component Description Control environment The core of any business is people-ter ind vidual ombutes, including integrin vaus, and competance-ond 4e environment Mich day operaa. They are te engine drives te organization ord te loundaten on which every Control activities Control policies and procedures must be esablished and executed to help ensure that te odlons identified by management as necessary to oddres niks to ochievement the organization's objectives are eRechey corried The organization must be aware of and ded with te it Risk assessment faces must set obiectives so that he organization is operating in concert. It must also e*sh mechanisms to identify, analyze, ond manoge te related risks. Surrounding te control otv'ses ore information and Information and communication sysems that enable the organization to capture and exchange te in omahon needed to conduct, manoge and control its The entire process must be moni ored, ond modkachons mode Monitoring as necesioy so the system con read ond change as conditions warrant.