COSO Enterprise Risk Management: Establishing Effective Governance, Risk, and Compliance (GRC) Processes [NOOK Book]


A fully updated, step-by-step guide for implementing COSO's Enterprise Risk Management

COSO Enterprise Risk Management, Second Edition clearly enables organizations of all types and sizes to understand and better manage their risk environments and make better decisions through use of the COSO ERM framework. The Second Edition discusses the latest trends and pronouncements that have affected COSO ERM and explores new topics, including the ...

See more details below
COSO Enterprise Risk Management: Establishing Effective Governance, Risk, and Compliance (GRC) Processes

Available on NOOK devices and apps  
  • NOOK Devices
  • Samsung Galaxy Tab 4 NOOK 7.0
  • Samsung Galaxy Tab 4 NOOK 10.1
  • NOOK HD Tablet
  • NOOK HD+ Tablet
  • NOOK eReaders
  • NOOK Color
  • NOOK Tablet
  • Tablet/Phone
  • NOOK for Windows 8 Tablet
  • NOOK for iOS
  • NOOK for Android
  • NOOK Kids for iPad
  • PC/Mac
  • NOOK for Windows 8
  • NOOK for PC
  • NOOK for Mac
  • NOOK for Web

Want a NOOK? Explore Now

NOOK Book (eBook)
$42.99 price
(Save 42%)$75.00 List Price
Note: This NOOK Book can be purchased in bulk. Please email us for more information.


A fully updated, step-by-step guide for implementing COSO's Enterprise Risk Management

COSO Enterprise Risk Management, Second Edition clearly enables organizations of all types and sizes to understand and better manage their risk environments and make better decisions through use of the COSO ERM framework. The Second Edition discusses the latest trends and pronouncements that have affected COSO ERM and explores new topics, including the PCAOB's release of AS5; ISACA's recently revised CobiT; and the recently released IIA Standards.

  • Offers you expert advice on how to carry out internal control responsibilities more efficiently
  • Updates you on the ins and outs of the COSO Report and its emergence as the new platform for understanding all aspects of risk in today's organization
  • Shows you how an effective risk management program, following COSO ERM, can help your organization to better comply with the Sarbanes-Oxley Act
  • Knowledgeably explains how to implement an effective ERM program

Preparing professionals develop and follow an effective risk culture, COSO Enterprise Risk Management, Second Edition is the fully revised, invaluable working resource that will show you how to identify risks, avoid pitfalls within your corporation, and keep it moving ahead of the competition.

Read More Show Less

Product Details

  • ISBN-13: 9781118102541
  • Publisher: Wiley
  • Publication date: 7/26/2011
  • Series: Wiley Corporate F&A , #560
  • Sold by: Barnes & Noble
  • Format: eBook
  • Edition number: 2
  • Pages: 400
  • File size: 2 MB

Meet the Author

Robert R. Moeller, CPA, CISA, CISSP, is an internal audit specialist and project manager with a strong understanding of business risk management, information systems, corporate governance, and security. He has over twenty-five years of experience in internal auditing, ranging from launching new internal audit functions in several companies to serving as audit director for a Fortune 50 corporation. Formerly national director of computer auditing at Grant Thornton and internal audit director at Sears Roebuck, he is the author of six books published by Wiley. He is the former president of the Institute of Internal Auditors' Chicago chapter and the former chair of the AICPA's Computer Audit Subcommittee.

Read More Show Less

Table of Contents

Preface xi

Chapter 1: Introduction: Enterprise Risk Management Today 1

The COSO Internal Controls Framework: How Did We Get Here? 2

The COSO Internal Controls Framework 3

COSO Internal Controls: The Principal Recognized Internal Controls Standard 14

An Introduction to COSO ERM 14

Governance, Risk, and Compliance 15

Global Computer Products: Our Example Company 16

Chapter 2: Importance of Governance, Risk, and Compliance Principles 21

Road to Effective GRC Principles 22

Importance of GRC Governance 23

Risk Management Component of GRC 25

GRC and Enterprise Compliance 26

Importance of Effective GRC Practices and Principles 28

Chapter 3: Risk Management Fundamentals 31

Fundamentals: Risk Management Phases 32

Other Risk Assessment Techniques 45

Chapter 4: COSO ERM Framework 51

ERM Definitions and Objectives: A Portfolio View of Risk 51

COSO ERM Framework Model 55

Other Dimensions of the ERM Framework 86

Chapter 5: Implementing ERM in the Enterprise 89

Roles and Responsibilities of an Enterprise Risk Management Function 90

Risk Management Policies, Standards, and Strategies 100

Business, IT, and Risk Transfer Processes 105

Risk Management Reviews and Corrective Action Practices 108

ERM Communications Approaches 112

CRO and an Effective Enterprise Risk Management Function 113

Chapter 6: Importance of Strong Enterprise Governance Practices 115

History and Background of Enterprise Governance: A U.S. Perspective 116

Enterprise Integrity and Ethical Behavior 119

Disclosure and Transparency 125

Rights and Equitable Treatment of Shareholders and Key Stakeholders 126

Governance Role and Responsibilities of the Board 128

Governance as a Key Element of GRC 128

Chapter 7: Enterprise Compliance Issues Today 131

Compliance Issues Today 132

Establish a Compliance Assessment Team 133

Compliance Risk Assessments and Compliance Program Reviews 136

Work Unit–Level Compliance Tracking and Review Processes 138

Compliance-Related Procedures and Staff Education Programs 141

Enterprise Hotline Compliance and Whistleblower Support 142

Assessing the Overall Enterprise Compliance Program 144

Chapter 8: Integrating ERM with COSO Internal Controls 147

COSO Internal Controls Background and Earlier Legislation 147

Efforts Leading to the Treadway Commission 151

COSO Internal Controls Framework 156

COSO Internal Controls and COSO ERM: Compared 174

Chapter 9: Sarbanes-Oxley and Enterprise Risk Management Concerns 177

Sarbanes-Oxley Act Background 177

SOx Legislation Overview 179

Enterprise Risk Management and SOx Section 404 Reviews 193

Internal Controls Reporting and Materiality 198

PCAOB Risk-Based Auditing Standards 199

Sarbanes-Oxley: The Other Sections 200

SOx and COSO ERM 201

Chapter 10: Corporate Culture and Risk Portfolio Management 203

Whistleblower and Hotline Functions 204

Risk Portfolio Management 208

Integrated Enterprise-Wide Risk Management 211

Chapter 11: OCEG Capability Model GRC Standards 215

GRC Capability Model ‘‘Red Book’’ 215

Other OCEG Materials: The ‘‘Burgundy Book’’ 223

Level and Scope of the OCEG Standards-Setting Authority 224

Chapter 12: Importance of GRC Principles in the Board Room 225

Board Decisions and Risk Management 226

Board Organization and Governance Rules 230

Corporate Charters and the Board Committee Structure 231

Audit Committees and Managing Risks 235

Establishing a Board-Level Risk Committee 238

Audit and Risk Committee Coordination 244

COSO ERM and Corporate Governance 245

Chapter 13: Role of Internal Audit in Enterprise Risk Management 247

Internal Audit Standards for Evaluating Risk 248

COSO ERM for More Effective Internal Audit Planning 251

Risk-Based Internal Audit Findings and Recommendations 264

COSO ERM and Internal Audit 265

Chapter 14: Understanding Project Management Risks 267

Project Management Process 268

PMBOK1 Guide: A Guide to the Project Management Book of Knowledge 269

PMBOK1 Guide’s Project Manager Risk Management Approach 272

Project-Related Risks: What Can Go Wrong 282

Implementing ERM for Project Managers 285

Chapter 15: Information Technology and Enterprise Risk Management 291

IT and the COSO ERM Framework 292

IT Application Systems Risks 294

Effective IT Continuity Planning 302

Worms, Viruses, and System Network Risks 307

IT and Effective ERM Processes 309

Chapter 16: Establishing an Effective GRC Culture throughout the Enterprise 311

First Steps to Establishing a GRC Culture: An Example 312

Promoting the Concept of Enterprise Risk 314

Establishing of Enterprise-Wide Governance Awareness 319

Enterprise Codes of Conduct 323

Building a GRC Culture: Risk, Governance, and Compliance Education Programs 326

Keeping the GRC Culture Current 327

Chapter 17: ISO 31000 and 38500 Risk Management Worldwide Standards 331

ISO Standards-Setting Process 332

Understanding ISO 31000 334

ISO 38500: The Corporate Governance of IT 337

Implementing an ISO Standard 340

Chapter 18: ERM and GRC Principles Going Forward 343

ERM and GRC for the Internal Controls Professional 344

COSO’s Ongoing Support Role 347

COSO ERM and GRC Future Prospects 348

About the Author 351

Index 353

Read More Show Less

Customer Reviews

Be the first to write a review
( 0 )
Rating Distribution

5 Star


4 Star


3 Star


2 Star


1 Star


Your Rating:

Your Name: Create a Pen Name or

Barnes & Review Rules

Our reader reviews allow you to share your comments on titles you liked, or didn't, with others. By submitting an online review, you are representing to Barnes & that all information contained in your review is original and accurate in all respects, and that the submission of such content by you and the posting of such content by Barnes & does not and will not violate the rights of any third party. Please follow the rules below to help ensure that your review can be posted.

Reviews by Our Customers Under the Age of 13

We highly value and respect everyone's opinion concerning the titles we offer. However, we cannot allow persons under the age of 13 to have accounts at or to post customer reviews. Please see our Terms of Use for more details.

What to exclude from your review:

Please do not write about reviews, commentary, or information posted on the product page. If you see any errors in the information on the product page, please send us an email.

Reviews should not contain any of the following:

  • - HTML tags, profanity, obscenities, vulgarities, or comments that defame anyone
  • - Time-sensitive information such as tour dates, signings, lectures, etc.
  • - Single-word reviews. Other people will read your review to discover why you liked or didn't like the title. Be descriptive.
  • - Comments focusing on the author or that may ruin the ending for others
  • - Phone numbers, addresses, URLs
  • - Pricing and availability information or alternative ordering information
  • - Advertisements or commercial solicitation


  • - By submitting a review, you grant to Barnes & and its sublicensees the royalty-free, perpetual, irrevocable right and license to use the review in accordance with the Barnes & Terms of Use.
  • - Barnes & reserves the right not to post any review -- particularly those that do not follow the terms and conditions of these Rules. Barnes & also reserves the right to remove any review at any time without notice.
  • - See Terms of Use for other conditions and disclaimers.
Search for Products You'd Like to Recommend

Recommend other products that relate to your review. Just search for them below and share!

Create a Pen Name

Your Pen Name is your unique identity on It will appear on the reviews you write and other website activities. Your Pen Name cannot be edited, changed or deleted once submitted.

Your Pen Name can be any combination of alphanumeric characters (plus - and _), and must be at least two characters long.

Continue Anonymously

    If you find inappropriate content, please report it to Barnes & Noble
    Why is this product inappropriate?
    Comments (optional)