Page "Enterprise risk management" ¶ 22
from Wikipedia

Some Related Sentences

COSO and Enterprise
The Internal Control – Integrated Framework continues to serve as the broadly accepted standard for satisfying those reporting requirements; however, in 2004 COSO published Enterprise Risk Management-Integrated Framework.
COSO believes the Enterprise Risk Management – Integrated Framework provides a clearly defined interrelationship between an organization's risk management components and objectives that will fill the need to meet new law, regulation, and listing standards and expects it will become widely accepted by companies and other organizations and interested parties.

COSO and Risk
* COSO framework, Risk management

COSO and Framework
We have also audited management's assessment, included in the accompanying Management's Annual Report on Internal Control Over Financial Reporting, that the Company maintained effective internal control over financial reporting as of December 31, 20XX, based on criteria established in Internal Control — Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission ("COSO"). The Company's management is responsible for maintaining effective internal control over financial reporting and for its assessment of the effectiveness of internal control over financial reporting.
In our opinion, management's assessment that ABC Company maintained effective internal control over financial reporting as of December 31, 20XX, is fairly stated, in all material respects, based on criteria established in Internal Control — Integrated Framework issued by COSO.
Furthermore, in our opinion, ABC Company maintained, in all material respects, effective internal control over financial reporting as of December 31, 20XX, based on criteria established in Internal Control — Integrated Framework issued by COSO.
In September 1992, the four volume report entitled Internal Control — Integrated Framework was released by COSO and later re-published with minor amendments in 1994.
Although COSO claims their expanded model provides more risk management, companies are not required to switch to the new model if they are using the Internal Control-Integrated Framework.
The COSO ERM Framework has eight Components and four objectives categories.
It is an expansion of the COSO Internal Control-Integrated Framework published in 1992 and amended in 1994.
Many opted for the COSO Internal Control Framework, which includes a risk assessment element.

COSO and published
In January 2009, COSO published its Guidance on Monitoring Internal Control Systems to clarify the monitoring component of internal control.

COSO and defines
COSO defines internal control as "a process, influenced by an entity's board of directors, management, and other personnel, that is designed to provide reasonable assurance in the effectiveness and efficiency of operations, reliability of financial reporting, and the compliance of applicable laws and regulations".
The COSO framework defines internal control as a process, effected by an entity's board of directors, management and other personnel, designed to provide "reasonable assurance" regarding the achievement of objectives in the following categories:

COSO and process
Companies have invested heavily in improving the quality of their internal controls; however, COSO noted that many organizations do not fully understand the importance of the monitoring component of the COSO framework and the role it plays in streamlining the assessment process.

COSO and by
* CGAP (Certified Government Auditing Professional) conferred by the Institute of Internal Auditors, based on the US Government Auditing Standards (Yellow Book) and additionally on COSO, IIA standards and INTOSAI ISSAI standards recognized worldwide in public finance
COSO is supported by five supporting organizations, including the Institute of Management Accountants (IMA), the American Accounting Association (AAA), the American Institute of Certified Public Accountants (AICPA), the Institute of Internal Auditors (IIA) and Financial Executives International (FEI).
According to COSO, these components provide an effective framework for describing and analyzing the internal control system implemented in an organization as required by financial regulations (see Securities Exchange Act of 1934). The five components are the following:
CFO magazine reported that companies are struggling to apply the complex model provided by COSO.
CFO magazine continued by stating that many organizations are creating their own risk-and-control matrix by taking the COSO model and altering it to focus on the components that relate directly to Section 404 of the Sarbanes-Oxley Act.
In 2001, COSO initiated a project, and engaged PricewaterhouseCoopers, to develop a framework that would be readily usable by managements to evaluate and improve their organizations' enterprise risk management.
Dartmouth features many magazines funded by its Council on Student Organizations (COSO) as well as at least two independently funded newspapers, The Dartmouth and the Dartmouth Review.

COSO and management
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) is a voluntary private-sector organization, established in the United States, dedicated to providing thought leadership to executive management and governance entities on critical aspects of organizational governance, business ethics, internal control, enterprise risk management, fraud, and financial reporting.
The COSO internal control framework consists of five interrelated components derived from the way management runs a business.
COSO believes this framework expands on internal control, providing a more robust and extensive focus on the broader subject of enterprise risk management.
COSO admits in their report that while enterprise risk management provides important benefits, limitations exist.

COSO and other
It is positioned at a high level and has been aligned and harmonized with other, more detailed, IT standards and good practices such as COSO, ITIL, ISO 27000, CMMI, TOGAF and PMBOK.

COSO and applied
In the COSO model, those objectives are applied to five key components (monitoring, information and communication, control activities, risk assessment, and control environment).

COSO and may
COSO has established a common internal control model against which companies and organizations may assess their control systems.

COSO and risk
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) identifies five components of internal control: control environment, risk assessment, control activities, information and communication and monitoring, that need to be in place to achieve financial reporting and disclosure objectives; COBIT provides similar detailed guidance for IT, while the interrelated Val IT concentrates on higher-level IT governance and value-for-money issues.

COSO and be
The five components of COSO can be visualized as the horizontal layers of a three-dimensional cube, with the COBIT objective domains applying to each individually and in aggregate.

COSO and regarding
As a result of this initial report, the Committee of Sponsoring Organizations (COSO) was formed and it retained Coopers & Lybrand, a major CPA firm, to study the issues and author a report regarding an integrated framework of internal control.

COSO and .
"To do this, managers are generally adopting an internal control framework such as that described in COSO.
These new requirements are commonly referred to as the COSO Opinion.

Enterprise and Risk
ISACA's Risk IT framework ties IT risk to Enterprise risk management.
* Airmic / Alarm / IRM (2010) "A structured approach to Enterprise Risk Management (ERM) and the requirements of ISO 31000" http://www.theirm.org/documents/SARM_FINAL.pdf
Greater interdisciplinary cooperation is further evidenced by the February 2005 creation of the Alliance for Enterprise Security Risk Management, a joint venture including leading associations in security (ASIS), information security (ISSA, the Information Systems Security Association), and IT audit (ISACA, the Information Systems Audit and Control Association).
The two Associate-level designations are Associate of Society of Actuaries (ASA) and Chartered Enterprise Risk Analyst (CERA), which was introduced in 2007.
Two fellowship exams are taken in one of five specialization tracks chosen by the candidate – Finance & Enterprise Risk Management, Investments, Individual Life Insurance & Annuities, Retirement Benefits or Group & Health Insurance.
* Chartered Enterprise Risk Analyst designation page
In congressional testimony before the House Homeland Security Committee's Intelligence, Information Sharing and Terrorism Risk Assessment Subcommittee the Undersecretary of Homeland Security Charles Allen indicated on February 14, 2007, that he had established the "Domestic Open Source Enterprise" to support the Department's OSINT needs and that of state, local and tribal partners.
* CERA – The Chartered Enterprise Risk Analyst Credential – Society of Actuaries (SOA)
In more complex organizations, they are generally responsible for coordinating the organization's Enterprise Risk Management (ERM) approach.
* Enterprise Risk Management
In 2003, the Enterprise Risk Management Committee of the Casualty Actuarial Society (CAS) issued its overview of ERM.
The CAS has specific stated ERM goals, including being "a leading supplier internationally of educational materials relating to Enterprise Risk Management (ERM) in the property casualty insurance arena," and has sponsored research, development, and training of casualty actuaries in that regard.
In 2007, the Society of Actuaries developed the Chartered Enterprise Risk Analyst (CERA) credential in response to the growing field of enterprise risk management.
In March 2008, Enterprise Risk Management was adopted as one of the six actuarial practice areas, reflecting the increased involvement of actuaries in the ERM field.
From April 2010 actuaries were able to study ERM as one of the Specialist Technical Stage exams (ST9 course information), which (with other exam passes) gives candidates the Chartered Enterprise Risk Actuary (CERA) qualification.
* Airmic / Alarm / IRM (2010) "A structured approach to Enterprise Risk Management (ERM) and the requirements of ISO 31000"
Oracle Financial Services Analytical Applications for Enterprise Risk Management
