High-level guidance for implementing enterprise risk management in any organization

A Practical Guide to Risk Management shows organizations how to implement an effective ERM solution, starting with senior management and risk and compliance professionals working together to categorize and assess risks throughout the enterprise. Detailed guidance is provided on the key risk categories, including financial, operational, reputational, and strategic areas, along with practical tips on how to handle risks that overlap across categories.

Provides high-level guidance on how to implement enterprise risk management across any organization
Includes discussion of the latest trends and best practices
Features the role of IT in ERM and the tools that are available in both assessment and on-going compliance
Discusses the key challenges that need to be overcome for a successful ERM initiative

Walking readers through the creation of ERM architecture and setting up on-going monitoring and assessment processes, this is an essential book for every CFO, controller and IT manager.
Preface
Chapter 1: Overview of Enterprise Risk Management
  ERM Introduction
  Guidance: History and Relationship
  Organization View
  ERM Today
  Increased Pressure to Manage Risk
  Additional evidence
  Perceived Barriers to Risk Management
  Building the Business Case for ERM: Value and Benefits
  Keys to Success
  Summary
  Notes
Chapter 2: Corporate Governance and Roles and Responsibilities
  Board Behavior
  Corporate Culture
  Roles and Responsibilities
  Summary
Chapter 3: ERM Defined
  Definitions and Concepts
  Risk Categories
  Internal Environment
  Summary
  Note
Chapter 4: The ERM Process Step by Step
  Step 1 Strategy and Objective Definition
  Step 2 Event Identification
  Step 3 Risk Assessment
  Step 4 Risk Response
  Step 5 Communication
  Step 6 Monitoring
  Oversight
  Summary
  Notes
Chapter 5: COSO Framework and Financial Controls
  Focus on Financial Controls
  Control Environment
  Integrity and Ethical Values
  Board of Directors
  Management’s Philosophy and Operating Style
  Organizational Structure
  Financial Reporting Competencies
  Authority and Responsibility
  Human Resources
  Summary
  Notes
Appendix 5A: Excerpt from a Code of Ethics Policy
  Our Guiding Principles and Values
  Conflicts of Interest
  Confidential Information; Intellectual Property
Appendix 5B: Whistleblower Program
  Reports Regarding Accounting Matters
  Investigation of Suspected Violations
  Discipline for Violations
Appendix 5C: Approval Policy and Procedures
  Policy
  Purpose
  Scope
  Approvals/Documentation
Chapter 6: Financial Controls and Risk Assessment
  Risk Assessment
  Financial Reporting Objectives
  Financial Reporting Risks
  Fraud Risk
  Entity-Level Controls
  Example: Risk Assessment and Financial Controls
  Evaluating Deficiencies
  Summary
  Notes
Appendix 6A: Entity-Level Control Assessment
  Control Assessment Overview
  Control Environment
  Overall Evaluation of Control Environment
  Risk Assessment
  Overall Evaluation of Risk Assessment
  Control Activities
  Overall Evaluation of Control Activities
  Information and Communication
  Overall Evaluation of Information and Communication
  Monitoring
  Overall Evaluation of Monitoring
  Summary Assessment
  Overall Assessment of Internal Controls
Appendix 6B: Accounts Payable Preliminary Controls Assessment Questionnaire
  Purchasing Controls Questionnaire
  Internal Control Assessment
Appendix 6C: Fraud Risk Factors: AU Section 316
  Risk Factors Relating to Misstatements Arising from Fraudulent Financial Reporting
Chapter 7: Ongoing Compliance Overview
  Origin of the Sarbanes-Oxley Act
  Generating Value from Compliance
  Moving Beyond Initial Compliance
  Reevaluating the Compliance Program
  Summary
Chapter 8: Ongoing Compliance Challenges
  Future State Opportunity: Compliance Optimization
  Issues to Consider When Optimizing Compliance
  Ongoing Compliance Plan
  Role of Internal Audit: Balancing the Compliance and Audit Functions
  Evolving Role of the Audit Committee
  Summary
Chapter 9: Addressing Compliance and Risk Management Challenges through Automation
  Software Can Add Value Beyond Compliance
  Monitoring Software
  Utilization of Continuous Monitoring: Control Testing and Control Automation
  Benefits of Continuous Monitoring
  Continuous Monitoring Tool Considerations
  Continuous Monitoring Process
  Risk Management Software
  Unifying Financial Statements, Close Tasks, and SOX Controls
  Determining the Right Solution
  Summary
  Note
Chapter 10: Ongoing Compliance and IFRS
  International Financial Reporting Standards
  Communicating the Impact
  Preparing for IFRS
  Comprehensive IFRS Transition Approach
  Key Elements of an Effective IFRS Implementation
  Summary
About the Author
Index
Although Enterprise Risk Management (ERM) is a top concern for organizations of all types across the globe, the process of implementing ERM often overwhelms business leaders, who fear they don't have the time, money, experience, or resources to develop and sustain what they perceive to be a daunting project. Written to demystify the entire ERM process, Enterprise Risk Management Best Practices shows you how to easily and painlessly implement and maintain a practical, cost-effective ERM plan in any organization, regardless of its size, finances, or resources. Author Anne Marchetti—a Sarbanes-Oxley expert and thought leader on the subject—provides step-by-step guidance complemented by simplified explanations of related concepts in a handy, reader-friendly guide. Enterprise Risk Management Best Practices begins by explaining how an ERM initiative must begin from the top, with senior management and risk and compliance professionals working together to categorize and assess risks throughout the enterprise. Marchetti then provides detailed coverage of the key risk categories of concern—financial, operational, reputational, and strategic—along with practical tips on how to handle risks that overlap across categories. Enterprise Risk Management Best Practices proceeds to walk you through the entire process of crafting ERM architectures and setting up ongoing monitoring and assessment processes.
A must-read for CFOs, controllers, finance executives, auditors, IT managers, and consultants who want to curtail surprises and losses as well as capitalize on business opportunities, Enterprise Risk Management Best Practices delves deeply into:

The value and benefits of ERM
Corporate governance: roles and responsibilities
The role of IT in ERM
The ERM process, step by step
COSO framework
Financial reporting competencies
Whistleblower programs
Financial reporting objectives and risk
Moving beyond and reevaluating initial compliance
Available tools in assessment and ongoing compliance
Key challenges you may face along the way
Best practices for a successful ERM initiative
International financial reporting standards
Key elements of an effective IFRS implementation
Cost minimization and control optimization insights and strategies

Even a minimal investment in risk assessment and risk management can improve efficiency and reduce losses in your organization. Let Enterprise Risk Management Best Practices guide you through a successful ERM program tailored to suit your company's unique needs.

Product details

ISBN: 9780470917404
Published: 2011-11-18
Publisher: John Wiley & Sons Inc
Weight: 367 g
Height: 236 mm
Width: 159 mm
Depth: 18 mm
Age level: P, 06
Language: English
Format: Hardcover
Number of pages: 192

Author

Biographical note

ANNE M. MARCHETTI has twenty-five years of finance and accounting experience in both private industry and public accounting. She is a Sarbanes-Oxley subject matter expert focused on the design, implementation, analysis, and optimization of internal control systems and corporate governance programs. Ms. Marchetti has worked globally with both public and private entities in most industries as well as organizations of all sizes. She regularly interacts with Big Four, middle market, and local external audit firms as a liaison on behalf of these organizations. She is a member of the AICPA faculty and is the author of Beyond Sarbanes-Oxley Compliance: Effective Enterprise Risk Management and Sarbanes-Oxley Ongoing Compliance Guide, both published by Wiley.