Management testing for Enterprise Risk Management
Enterprise Risk Management (ERM) is an integrated framework that was also developed by the Committee of Sponsoring Organizations of the Treadway Commission, in 2004 (COSO 2004). Unlike the COSO Internal Controls framework, ERM has management take a top-down view of risks, which guides business unit heads and department managers as they set objectives, rate risks, and determine responses to risk. Under this framework, top management sets the objectives needed to achieve the desired outcomes, for example: be recognized as a market leader in innovation, achieve a certain level of income from operations, comply with laws and regulations, and provide a nurturing workplace for employees. Many organizations that have adopted this framework require management to test the controls once the risks are assessed and mitigating controls are identified. The Enterprise Risk Management process is applied across the organization, and it is designed to help identify risks to...