Assignment 1: ERM Roadmap
CIS 558: IT Audit and Control
COSO Risk Management and ERM process
According to Protiviti KnowledgeLeader, the Committee of Sponsoring Organizations of
the Treadway Commission (COSO) describes a method that has been adopted as the generally
accepted framework for internal controls, which implement measures that provide assurance of
achieving the organization's objectives (KnowledgeLeader, 2020). The COSO framework
includes standards that organizations are required to follow in order to prevent fraud within the
business. COSO's main purpose is to monitor financial reports and implement ways to prevent fraud
from occurring within the organization. The main purpose of COSO is also to ensure that the
included standards are assessed so that organizations improve their internal controls. It is important for the
organization to comply with the governance and standards to prevent risk from getting out of
hand. The framework is viewed as a guideline book of standards that are available to be enforced
and followed by the entire organization under the policies set by the Accounting Board. There
are components that work together to establish a foundation of internal controls that promote
leadership, values, accountability, and responsibility of those controls. The five components
consist of controlling the environment, assessing the risk, controlling the activities, ensuring
information and communication is effectively shared, and monitoring the controls. Controlling
the environment is effective when ethics and values are practiced from the beginning of the
process. The entire organization must commit to reading and understanding
the standards before moving forward with implementing the internal controls. A structure must
be created to ensure every standard and policy is enforced properly. Within controlling the
environment, assignment of authority, alongside responsibility, should be delegated across the
organization to apply the organization's rules.
Assessing the risk includes creating the organization's objectives and enforcing them. It is
important to incorporate the process-level objectives to manage change by performing a risk