Reference no: EM131153207
The following material may be useful for the completion of this assignment. You may refer to the documents titled "Embracing Enterprise Risk Management: Practical Approaches for Getting Started" and "Developing Key Risk Indicators to Strengthen Enterprise Risk Management", located at https://www.coso.org/-ERM.htm.
Imagine you are an Information Technology Manager employed by a business that needs you to develop a plan for an effective Enterprise Risk Management (ERM) program. In the past, ERM has not been a priority for the organization. Failed corporate security audits, data breaches, and recent news stories have convinced the Board of Directors that they must address these weaknesses. As a result, the CEO has tasked you to create a brief overview of ERM and provide recommendations for establishing an effective ERM program that will be used as a basis to address this area moving forward.
Write a three to four (3-4) page paper in which you:
Summarize the COSO Risk Management Framework and COSO's ERM process.
Recommend to management the approach that they need to take to implement an effective ERM program. Include the issues and organizational impact they might encounter if they do not implement an effective ERM program.
Analyze the methods for establishing key risk indicators (KRIs).
Suggest the approach that the organization needs to take in order to link the KRIs with the organization's strategic initiatives.
Use at least three (3) quality resources in this assignment (in addition to and that support the documents from the COSO Website referenced in this assignment). Note: Wikipedia and similar Websites do not qualify as quality resources.
Your assignment must follow these formatting requirements:
Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.
Include a cover page containing the title of the assignment, the student's name, the professor's name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.
The specific course learning outcomes associated with this assignment are:
Describe the COSO enterprise risk management framework.
Describe the process of performing effective information technology audits and general controls.
Use technology and information resources to research issues in information technology audit and control.
Write clearly and concisely about topics related to information technology audit and control using proper writing mechanics and technical style conventions.
|
Describe the rational-empirical approach to change
: Describe the rational-empirical approach to change. What things might a change management plan address under this approach? Describe the normative-reeducation approach to change. What things might a change management plan address under this approach?
|
|
How does working effectively on a team
: Based on your self-assessment, what do you see as your strengths and weaknesses regarding working on a team? Have you ever engaged in social loafing while on a team? Why or why not? How does working effectively on a team give you an advantage in the ..
|
|
The role of power in negotiating
: Legitimate power belongs to someone who occupies a particular job, office, or position in an organizational hierarchy. Discuss the difference between power and authority. Then, present a scenario/situation where it IS preferable to utilize legitimate..
|
|
Evaluate how successful the author was in convincing you
: Evaluate how successful the author was in convincing you to accept the validity of the "surprise ending" that was different from what you expected.
|
|
Describe the coso enterprise risk management framework
: Summarize the COSO Risk Management Framework and COSO's ERM process. Recommend to management the approach that they need to take to implement an effective ERM program. Include the issues and organizational impact they might encounter if they do no..
|
|
More important consideration for the average employer
: Taking into account all the new technologies in the workplace, as compared to even fifteen or twenty years ago, and considering the events of September 11, 2001, in general, is employee privacy or workplace safety the more important consideration for..
|
|
Difference between secondary and primary data
: The major difference between secondary and primary data is that secondary data are:
|
|
Analyze relevant components of trade agreements
: Analyze relevant components of trade agreements between your company's home country and the U.S. Analyze U.S. culture and provide data on laws, trade issues, economic issues and other relevant background information. State the rationale for the selec..
|
|
How two sources with same settings have both differing views
: Using the Supplemental Reading, Mayflower by Nathaniel Philbrick and the American Experience film, The Pilgrims, analyze how these two sources with some of the same settings, characters and background have both differing and corresponding views.
|