The COSO "Enterprise Risk Management-Integrated Framework" published in 2004[1] defines ERM as: "A process, effected by an entity's board of directors, management, and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives."
The COSO ERM Framework has eight components and four objectives categories. It is an expansion of the COSO Internal Control-Integrated Framework published in 1992 and amended in 1994. The eight components - additional components highlighted - are:
Internal Environment
Objective Setting
Event Identification
Risk Assessment
Risk Response
Control Activities
Information and Communication
Monitoring
The four objectives categories - additional components highlighted - are:
Strategy - high-level goals, aligned with and supporting the organization's mission
Operations - effective and efficient use of resources
Financial Reporting - reliability of operational and financial reporting
Compliance - compliance with applicable laws and regulations
http://en.wikipedia.org/wiki/Enterprise_risk_management
Friday, February 15, 2008
COSO Enterprise risk management framework
Posted by Chart Smart at 3:51 PM