COSO & ERM & Mnemonics
5 Components of ERM - ✔️✔️G-Governance and Culture - (DOVES)
O-Strategy and OBJECTIVE Setting - (SOAR)
P-Performance - (VAPIR)
R-Review and Revision - (SIR)
O-Information, Communication, and Reporting (ONGOING) - (TIP)
Governance and Culture - (G)opro - DOVES - ✔️✔️D-Defines DESIRED Culture
O-Exercises Board OVERSIGHT
V-Demonstrates Commitment to Core VALUES
E-Attracts, Develops, and Retains Capable EMPLOYEES
S-Establishes Operating STRUCTURE
Strategy and OBJECTIVE Setting - g(O)pro - SOAR - ✔️✔️S-Evaluates Alternative
STRATEGIES
O-Formulates Business OBJECTIVES
A-ANALYZES Business Context
R-Defines RISK Appetite
Control Environment - (C)rime - EBOCA - ✔️✔️E-Commitment to ETHICS and Integrity
B-Board Independence and Oversight
O-Organizational Structure
C-Commitment to Competence
A-Accountability
Risk Assessment -c(R)ime - ✔️✔️Make and entity (SAFR)
Risk Assessment -c(R)ime - SAFR - ✔️✔️S-Specific Objectives
A-Identify and ASSESS Changes
F-Consider Potential for FRAUD
R-Identify and Analyse RISK
Information and Communication - cr(I)me - ✔️✔️(OIE)
Between internal and external parties
Information and Communication - cr(I)me - OIE - ✔️✔️O-Obtain and Use Information
I-Internally Communicate Information
E-Communicate with EXTERNAL Parties
Monitoring Activities - cri(M)e - ✔️✔️(So D) Monitor SoD or grass won't grow
5 Components of ERM - ✔️✔️G-Governance and Culture - (DOVES)
O-Strategy and OBJECTIVE Setting - (SOAR)
P-Performance - (VAPIR)
R-Review and Revision - (SIR)
O-Information, Communication, and Reporting (ONGOING) - (TIP)
Governance and Culture - (G)opro - DOVES - ✔️✔️D-Defines DESIRED Culture
O-Exercises Board OVERSIGHT
V-Demonstrates Commitment to Core VALUES
E-Attracts, Develops, and Retains Capable EMPLOYEES
S-Establishes Operating STRUCTURE
Strategy and OBJECTIVE Setting - g(O)pro - SOAR - ✔️✔️S-Evaluates Alternative
STRATEGIES
O-Formulates Business OBJECTIVES
A-ANALYZES Business Context
R-Defines RISK Appetite
Control Environment - (C)rime - EBOCA - ✔️✔️E-Commitment to ETHICS and Integrity
B-Board Independence and Oversight
O-Organizational Structure
C-Commitment to Competence
A-Accountability
Risk Assessment -c(R)ime - ✔️✔️Make and entity (SAFR)
Risk Assessment -c(R)ime - SAFR - ✔️✔️S-Specific Objectives
A-Identify and ASSESS Changes
F-Consider Potential for FRAUD
R-Identify and Analyse RISK
Information and Communication - cr(I)me - ✔️✔️(OIE)
Between internal and external parties
Information and Communication - cr(I)me - OIE - ✔️✔️O-Obtain and Use Information
I-Internally Communicate Information
E-Communicate with EXTERNAL Parties
Monitoring Activities - cri(M)e - ✔️✔️(So D) Monitor SoD or grass won't grow
