Practice Aid: Enterprise Risk Management: Guidance For Practical Implementation and Assessment, 2018

This publication includes invaluable guidance for anyone responsible for or advising on an enterprise risk management (ERM) process, whether the process is in its early stages or is already well established. This resource will help ensure the ERM process is well designed, well executed, and ultimately successful. Global, economic, and regulatory conditions, as well as everyday internal risks, can affect business operations, so it is important to have a process in place that identifies these events and manages the associated risks. This guide leverages the concepts of existing frameworks as a foundation for providing illustrative examples, best practices, and guidance for implementing or assessing an enterprise risk management process.

Founded in 1887, the American Institute of Certified Public Accountants (AICPA) represents the CPA and accounting profession nationally and globally regarding rule-making and standard-setting, and serves as an advocate before legislative bodies, public interest groups and other professional organizations. The AICPA develops standards for audits of private companies and other services by CPAs; provides educational guidance materials to its members; develops and grades the Uniform CPA Examination; and monitors and enforces compliance with the accounting profession's technical and ethical standards.
The AICPA's founding established accountancy as a profession distinguished by rigorous educational requirements, high professional standards, a strict code of professional ethics, a licensing status and a commitment to serving the public interest.

1 Overview of the Enterprise Risk Management Publication 1

I. Introduction 1

II. Who Should Use This Publication 2

III. Conceptual Basis for This Publication 2

2 ERM Benefits, Concepts, and Components 3

I. Benefits of a Successful ERM Program 3

II. ERM Concepts 4

Definition of ERM 4

Risks and Opportunities 4

Risk in Strategy and Objective-Setting 4

The Importance of Taking an Enterprise or Portfolio View of Risk 5

Risk Appetite, Risk Tolerance, and Risk Profile 5

Risk Inventory 6

Emerging Risks 6

Integration and Embeddedness 6

III. Components of an ERM Program 6

1.0 Governance and Culture 7

2.0 Strategy and Objective Setting 8

3.0 Performance 9

4.0 Review and Revision 13

5.0 Information, Communication, and Reporting 13

3 ERM Roles and Responsibilities 15

I. Organization Roles 15

Board or Equivalent Roles 15

Organization Management 16

Internal Auditors 16

II. The Role of External Parties in the ERM Process 17

4 ERM Program Development 19

I. Mobilize 19

Establishing Appropriate Sponsorship and Resourcing 20

ERM Sponsorship 20

Commitment of Resources 20

Establishing Roles and Responsibilities 21

Program Governance 21

Planning and Launch for an Initial Program Development Phase 21

Timeline 21

II. Current State Analysis 22

Current State Considerations 22

Creating an Initial Inventory of Activities and Outcomes and Gather Documentation 23

Timeline 24

III. Future State Operating Model Design 24

Peer and Industry Analysis 24

Developing a Target ERM Operating Model and Framework 25

Developing the ERM Risk Appetite and Risk Tolerances 25

Linking Current ERM Activities to the ERM Program Plan 27

Documenting ERM Policies 27

ERM Program Scalability and Related Considerations 27

ERM Program Technology Considerations 27

Timeline 28

IV. Gap Analysis 28

Preliminary Observations 28

Recommendations 29

Timeline 29

V. Implementation and Reporting 29

Developing Implementation Roadmap and Project Plan 30

Designing Program Performance Measures and Reporting 30

Communication and Training 30

Changes to the Implementation Plan 30

Timeline 31

5 ERM Program Evaluation and Continuous Improvement 33

I. ERM Program Evaluation 33

Approach to an ERM Program Evaluation 33

II. Continuous Improvement 34

Approach to Continuous Improvement 34

Commitment to Continuous Improvement 36

Glossary of Terms 37

Appendix A—COSO and ISO 31000 Framework Mapping 39

Appendix B—Example ERM Program Maturity Self-Assessment 45

Appendix C—References 51
