Gearing your organization up to develop and follow an effective risk culture, COSO Enterprise Risk Management, Second Edition presents COSO ERM as the optimal way of looking at all aspects of risk management in today's organization, equipping professionals to better understand the COSO ERM framework and make maximum use of this tool in evaluating the risks associated with all business decisions.
Using the COSO ERM framework's model and terminology, this book shows why compliance with well-recognized and mandated standards is important for every organization and how a corporation can demonstrate that it is following best practices and is in conformity with regulatory rules.
The Second Edition thoroughly provides the latest guidance on relevant topics including:
- How COSO ERM is an important element in enterprise governance, risk, and compliance (GRC) processes
- The PCAOB's release of Auditing Standard No. 5 (AS5), which calls for a "top-down", risk-based assessment of an enterprise's internal controls over financial reporting
- ISACA's recently revised COBIT (Control Objectives for Information and Related Technology)
- Recently released standards from the Institute of Internal Auditors (IIA) specifying that internal auditors must assess risks when performing their internal audits
- The AICPA's recently released Risk Assessment Standards for private companies
- ISO 31000, a new international standard on risk management
- The new Open Compliance and Ethics Group (OCEG) risk guidance
- Information technology and ERM including discussion of application systems risks, effective continuity planning, and risks to systems network access including worms and viruses
Helping business professionals, from staff internal auditors to corporate board members, understand risk management in general and make more effective use of the new COSO ERM risk management framework, COSO Enterprise Risk Management, Second Edition shows you how to master the various aspects of enterprise risk management, and succeed.
ROBERT R. MOELLER, CPA, CISA, CISSP, is an internal audit specialist and project manager with a strong understanding of business risk management, information systems, corporate governance, and security. He has over twenty-five years of experience in internal auditing, ranging from launching new internal audit functions in several companies to serving as audit director for a Fortune 50 corporation. Formerly national director of computer auditing at Grant Thornton and internal audit director at Sears Roebuck, he is the author of six books published by Wiley. He is the former president of the Institute of Internal Auditors' Chicago chapter and the former chair of the AICPA's Computer Audit Subcommittee.
Preface xi
Chapter 1: Introduction: Enterprise Risk Management Today 1
The COSO Internal Controls Framework: How Did We Get Here? 2
The COSO Internal Controls Framework 3
COSO Internal Controls: The Principal Recognized Internal Controls Standard 14
An Introduction to COSO ERM 14
Governance, Risk, and Compliance 15
Global Computer Products: Our Example Company 16
Chapter 2: Importance of Governance, Risk, and Compliance Principles 21
Road to Effective GRC Principles 22
Importance of GRC Governance 23
Risk Management Component of GRC 25
GRC and Enterprise Compliance 26
Importance of Effective GRC Practices and Principles 28
Chapter 3: Risk Management Fundamentals 31
Fundamentals: Risk Management Phases 32
Other Risk Assessment Techniques 45
Chapter 4: COSO ERM Framework 51
ERM Definitions and Objectives: A Portfolio View of Risk 51
COSO ERM Framework Model 55
Other Dimensions of the ERM Framework 86
Chapter 5: Implementing ERM in the Enterprise 89
Roles and Responsibilities of an Enterprise Risk Management Function 90
Risk Management Policies, Standards, and Strategies 100
Business, IT, and Risk Transfer Processes 105
Risk Management Reviews and Corrective Action Practices 108
ERM Communications Approaches 112
CRO and an Effective Enterprise Risk Management Function 113
Chapter 6: Importance of Strong Enterprise Governance Practices 115
History and Background of Enterprise Governance: A U.S. Perspective 116
Enterprise Integrity and Ethical Behavior 119
Disclosure and Transparency 125
Rights and Equitable Treatment of Shareholders and Key Stakeholders 126
Governance Role and Responsibilities of the Board 128
Governance as a Key Element of GRC 128
Chapter 7: Enterprise Compliance Issues Today 131
Compliance Issues Today 132
Establish a Compliance Assessment Team 133
Compliance Risk Assessments and Compliance Program Reviews 136
Work Unit-Level Compliance Tracking and Review Processes 138
Compliance-Related Procedures and Staff Education Programs 141
Enterprise Hotline Compliance and Whistleblower Support 142
Assessing the Overall Enterprise Compliance Program 144
Chapter 8: Integrating ERM with COSO Internal Controls 147
COSO Internal Controls Background and Earlier Legislation 147
Efforts Leading to the Treadway Commission 151
COSO Internal Controls Framework 156
COSO Internal Controls and COSO ERM: Compared 174
Chapter 9: Sarbanes-Oxley and Enterprise Risk Management Concerns 177
Sarbanes-Oxley Act Background 177
SOx Legislation Overview 179
Enterprise Risk Management and SOx Section 404 Reviews 193
Internal Controls Reporting and Materiality 198
PCAOB Risk-Based Auditing Standards 199
Sarbanes-Oxley: The Other Sections 200
SOx and COSO ERM 201
Chapter 10: Corporate Culture and Risk Portfolio Management 203
Whistleblower and Hotline Functions 204
Risk Portfolio Management 208
Integrated Enterprise-Wide Risk Management 211
Chapter 11: OCEG Capability Model GRC Standards 215
GRC Capability Model "Red Book" 215
Other OCEG Materials: The "Burgundy Book" 223
Level and Scope of the OCEG Standards-Setting Authority 224
Chapter 12: Importance of GRC Principles in the Board Room 225
Board Decisions and Risk Management 226
Board Organization and Governance Rules 230
Corporate Charters and the Board Committee Structure 231
Audit Committees and Managing Risks 235
Establishing a Board-Level Risk Committee 238
Audit and Risk Committee Coordination 244
COSO ERM and Corporate Governance 245
Chapter 13: Role of Internal Audit in Enterprise Risk Management 247
Internal Audit Standards for Evaluating Risk 248
COSO ERM for More Effective Internal Audit Planning 251
Risk-Based Internal Audit Findings and Recommendations 264
COSO ERM and Internal Audit 265
Chapter 14: Understanding Project Management Risks 267
Project Management Process 268
PMBOK Guide: A Guide to the Project Management Body of Knowledge 269
PMBOK Guide's Project Manager Risk Management Approach 272
Project-Related Risks: What Can Go Wrong 282
Implementing ERM for Project Managers 285
Chapter 15: Information Technology and Enterprise Risk Management 291
IT and the COSO ERM Framework 292
IT Application Systems Risks 294
Effective IT Continuity Planning 302
Worms, Viruses, and System Network Risks 307
IT and Effective ERM Processes 309
Chapter 16: Establishing an Effective GRC Culture throughout the Enterprise 311
First Steps to Establishing a GRC Culture: An Example 312
Promoting the Concept of Enterprise Risk 314
Establishing Enterprise-Wide Governance Awareness 319
Enterprise Codes of Conduct 323
Building a GRC Culture: Risk, Governance, and Compliance Education Programs 326
Keeping the GRC Culture Current 327
Chapter 17: ISO 31000 and 38500 Risk Management Worldwide Standards 331
ISO Standards-Setting Process 332
Understanding ISO 31000 334
ISO 38500: The Corporate Governance of IT 337
Implementing an ISO Standard 340
Chapter 18: ERM and GRC Principles Going Forward 343
ERM and GRC for the Internal Controls Professional 344
COSO's Ongoing Support Role 347
COSO ERM and GRC Future Prospects 348
About the Author 351
Index 353
Year of publication: | 2011 |
---|---|
Subject area: | Business administration |
Genre: | Business |
Category: | Law & Business |
Medium: | Book |
Extent: | 384 pp. |
ISBN-13: | 9780470912881 |
ISBN-10: | 047091288X |
Language: | English |
Binding: | Hardcover |
Author: | Moeller, Robert R |
Edition: | 2nd edition |
Publisher: | Wiley (John Wiley & Sons) |
Dimensions: | 260 x 183 x 25 mm |
By: | Robert R Moeller |
Publication date: | 06.09.2011 |
Weight: | 0.921 kg |