From Internal Control to Enterprise Risk Management

By Gauthier, Stephen J. | Government Finance Review, April 2005



In September 2004, the Council of Sponsoring Organizations of the Treadway Commission on Fraudulent Financial Reporting issued Enterprise Risk Management--Integrated Framework. The new publication is intended to provide a more robust framework for COSO's earlier seminal work Internal Control--Integrated Framework (1992).

BACKGROUND

In the early 1990s, the Treadway Commission came to the conclusion that a broad conceptual framework was necessary if managers were to be properly equipped to meet their responsibility for internal control. The key features of this conceptual framework, as set forth in Internal Control--Integrated Framework, can be very briefly summarized as follows:

* Managers are responsible for achieving three basic objectives: (1) they must operate effectively and efficiently, (2) they must produce financial reports that outside parties can reasonably rely upon, and (3) they must comply with applicable laws and regulations.

* Managers cannot leave the achievement of these objectives to chance. Rather, they must create a structure or framework of internal control to ensure that each of these objectives is met.

* A truly comprehensive framework requires five components: (1) the establishment and maintenance of a sound control environment (corporate culture); (2) the regular, ongoing assessment of risk; (3) the design, implementation, and maintenance of control-related policies and procedures to compensate for identified risks; (4) adequate communication; and (5) the regular, ongoing monitoring of control-related policies and procedures to ensure that they continue to function as designed and to ensure that identified problems are handled appropriately.

The first COSO report was extraordinarily well received. Indeed, its comprehensive framework of internal control has provided the criteria now commonly used for internal control assessments, such as those recently mandated by the Sarbanes-Oxley legislation.

COSO itself remains highly satisfied with its original work and expressly states that it does not intend for its more recent report to alter or supplant its earlier guidance. All the same, COSO reached the conclusion that its earlier work on internal control could benefit from being placed within an even broader conceptual framework that COSO chose to describe as enterprise risk management.

NEW GUIDANCE

COSO defines enterprise risk management as "a process effected by an entity's board of directors, management, and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives. This process necessarily involves both individual units within an organization and the organization as a whole."

Like the earlier report, Enterprise Risk Management--Integrated Framework reiterates essentially the same three basic managerial objectives identified previously: operations, reporting (broadened to encompass nonfinancial and internal reporting), and compliance. In addition, COSO has identified a fourth category--strategic objectives--that it describes as being a "higher level objective" with which the other three objectives need to be aligned.

Enterprise Risk Management--Integrated Framework also replaces the single risk assessment component of the earlier framework with four separate components (including one that continues to be called risk assessment), while at the same time providing additional guidance on the remaining four components identified in the earlier report. Thus, Enterprise Risk Management--Integrated Framework identifies eight interrelated components that are necessary to provide reasonable assurance that objectives are being achieved or that management is made aware of risks that could impede their achievement:

* Internal environment

* Objective setting

* Event identification

* Risk assessment

* Risk response

* Control activities

* Information and communication

* Monitoring

A key factor of the internal environment component is the identification of an organization's risk appetite. …
