Enterprise Risk Management Best Practices (From Assessment to Ongoing Compliance)
Anne Marie Marchetti
Translators: Dr. Hossein
Dr. Mahdi Pandar
Abolfazl Gholami, Mohammadreza
Many organizations try to implement an Enterprise Risk Management
(ERM) program. Many of them, caught up in their day-to-day organizational duties,
come to realize that they lack the expertise, resources, time and
funding required to design and implement risk management in
their organizations efficiently. At the same time, organizations have been
largely unaware of the value that efficient risk management adds in
advancing their organizational goals.
This book attempts to disambiguate ERM concepts in
plain words and to explain them rigorously, so that the approach can be
implemented well. In effect, the book simplifies the complex
concepts of risk management and its executive processes within the
organization. The model acts efficiently and positively on
organizational costs, and its implementation can play an effective role in the
financial performance of the organization.
This book consists of ten chapters. Overall, the
book explains the concept of ERM and closely related concepts. The first
chapter explains ERM, its evolution from past to present, and a sample
implementation of the approach.
Chapter 2 explains the theoretical principles of organizational culture
to provide the context in which the ERM approach enters an organization. This
chapter considers organizational roles and responsibilities and the
organizational conditions that can be involved in implementing this approach
Chapter 3 scrutinizes the ERM framework and explains its components.
Related definitions and concepts are explained thoroughly and in
plain language, and the components of the integrated risk management framework are
considered. Finally, the role of the board of directors with respect to organizational
risks, and the areas in which risk management intervenes in organizations, are explained.
In chapter 4, the author explains the ERM stages step by step. The six
stages of ERM in organizations covered in this chapter are strategy
and objective definition, event identification, risk assessment, risk response,
communication, and monitoring.
The COSO framework is scrutinized in chapter 5, and the integrated risk
management framework is explained more precisely. A link between the
risk management framework and the financial structure is also
established, and financial controls in the organization are examined. One
of the main functions of financial reports, evaluating organizational risks, is
considered in depth here. All organizational matters related to risk management are
explained in this chapter in accordance with the COSO standard.
In chapter 6, risk assessment, the second component of the framework of the
Committee of Sponsoring Organizations of the Treadway Commission (COSO), is
considered in the form of financial controls. Three principles related to
risk assessment are explained: financial reporting objectives, financial reporting risk,
and fraud risk, followed by an example of risk assessment and financial
controls.
In chapter 7, the author explains the Sarbanes-Oxley Act (SOX) as a law for improving
the accuracy and transparency of companies' financial reporting and disclosure,
and pursues the issues involved in raising the importance of companies' ethical
standards. This law has led enterprises to re-evaluate their organizational
structure and internal control systems, and these matters are
discussed in this chapter. The central theme is the compliance of
businesses with SOX, and its effects, requirements and different aspects are
Chapters 8 and 9 discuss the difficulties of an enterprise's ongoing
compliance with SOX, including organizations' neglect of risk
management and risk assessment and, as a result, of ongoing SOX compliance;
internal auditing is introduced as the creator of balance
between compliance and audit operations. Process automation is also
introduced as a tool for implementing the ongoing compliance
process more efficiently and at lower cost, covering control testing, control automation,
and the process and advantages of continuous monitoring.
Chapter 10 explains the International Financial Reporting Standards (IFRS)
and ongoing compliance in the form of these standards. This standard is
considered the biggest event in auditing in the last 150 years. It gives
investors and shareholders access to higher-quality financial information.
Its adoption and implementation create many challenges
for enterprises and companies, and training for this standard requires cost and
project planning by companies. It also affects processes, staff,
company programs and evaluation.