Preface.

Chapter 1: Enterprise Risk Management Overview.

ERM Introduction.

Guidance: History and Relationship.

Organization View.

ERM Today.

Increased Pressure to Manage Risk.

Additional Evidence.

Perceived Barriers to Risk Management.

Building the Business Case for ERM: Value and Benefits.

Keys to Success.

Summary.

Chapter 2: Corporate Governance and Roles and Responsibilities.

Board Behavior.

Corporate Culture.

Roles and Responsibilities.

Summary.

Chapter 3: ERM Defined.

Definitions and Concepts

Risk Categories.

The Internal Environment.

Summary.

Notes.

Chapter 4: The ERM Process: Step by Step.

Step 1: Strategy and Objective Definition.

Step 2: Event Identification.

Step 3: Risk Assessment.

Step 4: Risk Response.

Step 5: Communication.

Step 6: Monitoring.

Oversight.

Summary.

Notes.

Chapter 5: COSO Framework and Financial Controls.

Focus on Financial Controls.

Control Environment.

Integrity and Ethical Values.

Board of Directors.

Management′s Philosophy and Operating Style.

Organizational Structure.

Financial Reporting Competencies.

Authority and Responsibility.

Human Resources.

Summary

Notes.

Appendix 5A: Whistleblower Program.

Reports Regarding Accounting Matters.

Investigation of Suspected Violations.

Discipline for Violations.

Appendix 5B: Excerpt from a Code of Ethics Policy.

1.0 Our Guiding Principles and Values.

2.0 Conflicts of Interest.

3.0 Confidential Information; Intellectual Property.

Appendix 5C: Approval Policy and Procedures.

Policy.

Purpose.

Scope.

Approvals/Documentation.

Chapter 6: Financial Controls and Risk Assessment.

Risk Assessment.

Financial Reporting Objectives.

Financial Reporting Risks.

Fraud Risk.

Entity–Level Controls.

Example: Risk Assessment and Financial Controls.

Evaluating Deficiencies.

Summary.

Notes.

Appendix 6A: Entity Level Control Assessment.

Control Assessment Overview.

Control Environment.

Overall Evaluation of Control Environment.

Risk Assessment.

Overall Evaluation of Risk Assessment.

Control Activities.

Overall Evaluation of Control Activities.

Information and Communication.

Overall Evaluation of Information and Communication.

Monitoring.

Overall Evaluation of Monitoring.

Summary Assessment.

Overall Assessment of Internal Controls.

Appendix 6B: Accounts Payable: Preliminary Controls Assessment Questionnaire.

Purchasing Controls Questionnaire.

Internal Control Assessment.

Appendix 6C: Fraud Risk Factors: AU Section 316.

Risk Factors Relating to Misstatements Arising from Fraudulent Financial Reporting.

Chapter 7: Ongoing Compliance Overview.

Origin of Sarbanes–Oxley Act.

Generating Value from Compliance.

Moving beyond Initial Compliance.

Reevaluating the Compliance Program.

Summary.

Chapter 8: Ongoing Compliance Challenges.

Future State Opportunity: Compliance Optimization.

Issues to Consider When Optimizing Compliance.

Ongoing Compliance Plan.

Role of Internal Audit: Balancing the Compliance and Audit Functions.

The Evolving Role of the Audit Committee.

Summary.

Chapter 9: Addressing Compliance and Risk Management Challenges through Automation.

Software Can Add Value beyond Compliance.

Monitoring Software.

Utilization of Continuous Monitoring: Control Testing and Control Automation.

Benefits of Continuous Monitoring.

Continuous Monitoring Tool Considerations.

Continuous Monitoring Process.

Risk Management Software.

Unifying Financial Statements, Close Tasks, and SOX Controls.

Determining the Right Solution.

Summary.

Notes.

Chapter 10: Ongoing Compliance and IFRS

International Financial Reporting Standards.

Communicating the Impact.

Preparing for International Financial Reporting Standards.

Comprehensive IFRS Transition Approach.

Key Elements of an Effective IFRS Implementation.

Summary.

About the Author.

Index.

Anne M. Marchetti has twenty–five years of finance and accounting experience in both private industry and public accounting. She is a Sarbanes–Oxley subject matter expert focused on the design, implementation, analysis, and optimization of internal control systems and corporate governance programs. Ms. Marchetti has worked globally with both public and private entities in most industries as well as organizations of all sizes. She regularly interacts with Big Four, middle market, and local external audit firms as a liaison on behalf of these organizations. She is a member of the AICPA faculty and is the author of Beyond Sarbanes–Oxley Compliance: Effective Enterprise Risk Management and Sarbanes–Oxley Ongoing Compliance Guide, both published by Wiley.

Guard your organization from losses with this ultimate, step–by–step guide to risk management

Myth: Implementing an ERM program is a long, painful process

Myth: An ERM program is too expensive to sustain

Myth: An ERM program has minimal perceived value

Fact: Enterprise Risk Management Best Practices takes you step–by–step through the entire process of getting a cost–effective risk management program up and running in any organization, regardless of its size, structure, and culture.

Written by Sarbanes–Oxley expert Anne Marchetti, Enterprise Risk Management Best Practices proves that you do not need a huge investment of time, expertise, resources, and dollars to build, design, and ??sustain an effective ERM program that shields you from risk and allows you to act on profitable opportunities.

Addressing the development of programs in two major areas enterprise risk management and ongoing compliance Enterprise Risk Management Best Practices provides a simplified explanation of related concepts to help demystify this deceptively easy–to–execute program.

In this hands–on guide, you′ll discover how to:

• Assign roles and responsibilities through a corporate governance/organizational framework

• Use risk management offensively instead of the more common defensive reaction to incident occurrence

• Launch a formal company–wide risk assessment executed by the upper echelon staff

• Take intelligent risks through a well–designed risk management program

• Implement the process with step–by–step, user–friendly directions

• Apply the risk assessment process to your financial controls

• Use technology effectively in your program

Optimize your company′s risk profile with the user–friendly tools and strategies found in Enterprise Risk Management Best Practices.