The Eight Core Components of Enterprise Risk Management (ERM)

The eight core components of enterprise risk management (ERM) framework according to COSO are:

1. Internal Environment
This includes the organization's risk management philosophy, risk appetite, ethical values, integrity, and competence of personnel. It forms the foundation for all other ERM components.

2. Objective Setting
Objectives must be set at different levels within the organization and aligned with the organization's risk appetite before risks can be identified and assessed.

3. Event Identification
Internal and external events that may positively or negatively impact the achievement of objectives must be identified.

4. Risk Assessment
Risks are analyzed by considering their likelihood and impact as a basis for how they should be managed. Risks are assessed on an inherent and residual basis.

5. Risk Response
Management selects risk responses - avoiding, accepting, reducing or sharing risk - developing a set of actions to align risks with the entity's risk tolerances and risk appetite.

6. Control Activities
Policies and procedures are established and implemented to help ensure the risk responses are effectively carried out.

7. Information and Communication
Relevant information is identified, captured and communicated in a form and timeframe that enables people to carry out their responsibilities. Effective communication also occurs in a broader sense, flowing down, across and up the entity.

8. Monitoring
The entirety of ERM is monitored and modifications are made as necessary. Monitoring is accomplished through ongoing management activities, separate evaluations or both.

The components are designed to integrate with the organization's operations and are iterative, with monitoring feeding back into modifying the other components as needed.

Connect with our partners for your great learning on Enterprise Risk Management leading to Certified Chief Risk Officer.