Incluye referencias bibliográficas e índice. CONTENIDO: Introduction: Enterprise Risk Management Today -- Importance of Governance, Risk, and Compliance Principles -- Risk Management Fundamentals -- COSO ERM Framework -- Implementing ERM in the Enterprise -- Importance of Strong Enterprise Governance Practices -- Enterprise Compliance Issues Today -- Integrating ERM with COSO Internal Controls -- Sarbanes-Oxley and Enterprise Risk Management Concerns -- Corporate Culture and Risk Portfolio Management -- OCEG Capability Model GRC Standards -- Importance of GRC Principles in the Board Room -- Role of Internal Audit in Enterprise Risk Management -- Understanding Project Management Risks -- Information Technology and Enterprise Risk Management -- Establishing an Effective GRC Culture throughout the Enterprise -- ISO 31000 and 38500 Risk Management Worldwide Standards -- ERM and GRC Principles Going Forward.
"Using the COSO ERM (Committee of Sponsoring Organizations Enterprise Risk Management) framework's model, this book discusses the importance of understanding the various risks facing the many aspects of business operations. It will help professionals develop and follow an effective risk culture. In addition, it shows how compliance with well-recognized and mandated standards are important for every organization as well as shows how a corporation can demonstrate that it is following best practices and is in conformity with regulatory rules.New topics to be discussed include: (a) the PCAOB's (Public Company Accounting Oversight Board's) release of AS5, which calls for enterprises to perform "top down" risk analyses of their own internal controls, as a major step to SOx compliance; (b) ISACA's (Information Systems Audit and Control Association) recently revised CobiT (Control Objectives for Information related Technology) with a major emphasis on understanding risk when evaluating and assessing IT and enterprise internal controls. This book will discuss the importance of understanding risks when using CobiT; (c) the Institute of Internal Auditors (IIA) Standards recently released specify that internal auditors must assess risks when performing their internal audits; (d) ISO 3100, a standard on risk management, will be introduced; and (e) the AICPA's recently released Risk Assessment Standards for private companies"--Provided by publisher.