COSO Enterprise Risk Management: Understanding the New Integrated ERM Framework

English

Robert R. Moeller, CPA, CISA, CISSP, is an internal audit specialist and project manager with a strong understanding of information systems, corporate governance, and security. He has over twenty-five years of experience in internal auditing, ranging from launching new internal audit functions in several companies to serving as audit director for a Fortune 50 corporation. He held positions with Grant Thornton (national director of computer auditing) and Sears Roebuck (audit director). A frequently published author and professional speaker, he provides insights into many of the new rules impacting internal auditors today as well as the challenges audit committees face when dealing with Sarbanes-Oxley, internal controls, and their internal auditors.

Preface.

Chapter 1. Importance of Enterprise Risk Management Today.

COSO Risk Management: How Did We Get Here?

COSO Internal Controls Framework.

COSO Internal as a Recognized Standard.

Origins of COSO ERM.

Chapter 2. Risk Management Fundamentals.

Fundamentals: Risk Management Phases.

Other Risk Assessment Techniques.

Risk Management Fundamentals Going Forward.

Chapter 3. Components of COSO ERM.

ERM Definitions and Objectives: A Portfolio View of Risk.

COSO ERM Framework Model.

Other Dimensions of the ERM Framework.

Chapter 4. COSO ERM Organization Objectives.

ERM Risk Objective Categories.

COSO ERM Entity and Unit Level Risks.

Putting It All Together.

Chapter 5. Implementing an Effective ERM Program.

Roles and Responsibilities of an Enterprise Risk Management Function.

ERM Communications Approaches.

CRO and an Effective Enterprise Risk Management Function.

Chapter 6. Integrating ERM with COSO Internal Controls.

COSO Internal Controls: Background and Earlier Legislation.

COSO Internal Control Framework.

COSO Internal Controls and COSO ERM Compared.

Chapter 7. Sarbanes-Oxley and COSO ERM.

Sarbanes-Oxley Background.

SOx Legislation Overview.

SOx and COSO ERM.

Chapter 8. Importance of ERM in the Corporate Board Room.

Board Decisions and Risk Management.

Board Organization and Governance Rules.

Audit Committee and Managing Risks.

Establishing a Board-Level Risk Committee.

Audit and Risk Committee Coordination.

COSO ERM and Corporate Governance.

Chapter 9. Role of Internal Audit in ERM.

Internal Audit Standards for Evaluating Risk.

COSO ERM for More Effective Internal Audit Planning.

Risk-Based Internal Audit Findings and Recommendations.

COSO ERM and Internal Audit.

Chapter 10. Understanding Project Management Risks.

Project Management Process.

Project-Related Risks: What Can Go Wrong.

Implementing COSO ERM for Project Managers.

Establishing a Program Management Office (PMO).

Chapter 11. Information Technology and ERM.

IT and the COSO ERM Framework.

Application Systems Risks.

Effective IT Continuity Planning.

Worms, Viruses, and System Network Risks.

IT and Effective ERM Processes.

Chapter 12. Establishing an Effective Risk Culture.

First Steps to Launching the Culture – An Example.

Promoting the Concept of Enterprise Risk.

Building the COSO ERM Culture: Risk-Related Education Programs.

Keeping the Risk Culture Current.

Chapter 13. ERM Worldwide.

ERM "Standards" Versus an ERM Framework.

ERM and ISO.

Convergence Of Risk Management Standards And Practices.

Chapter 14. COSO ERM Going Forward.

Future Prospect for COSO ERM.

COSO ERM and ISO.

Learning More about Risk Management.

ERM: New Professional Opportunities.

Index.

"In the book…Robert Moeller aims to help business professionals at all levels-from staff internal auditors to corporate board members-understand risk management and make effective use of the COSO ERM framework. In COSO Moeller identifies the processes and guidance required to become better at evaluating, embracing, and managing business uncertainties and risks in order to protect and enhance enterprise value." (Strategic Finance, June 2009)