COSO ENTERPRISE RISK MANAGEMENT: Establishing Effective Governance, Risk, and Compliance Processes -- Contents -- Preface -- Chapter 1: Introduction: Enterprise Risk Management Today -- The COSO Internal Controls Framework: How Did We Get Here? -- The COSO Internal Controls Framework -- COSO Internal Controls: The Principal Recognized Internal Controls Standard -- An Introduction to COSO ERM -- Governance, Risk, and Compliance -- Global Computer Products: Our Example Company -- Chapter 2: Importance of Governance, Risk, and Compliance Principles -- Road to Effective GRC Principles -- Importance of GRC Governance -- Risk Management Component of GRC -- GRC and Enterprise Compliance -- Importance of Effective GRC Practices and Principles -- Chapter 3: Risk Management Fundamentals -- Fundamentals: Risk Management Phases -- Other Risk Assessment Techniques -- Chapter 4: COSO ERM Framework -- ERM Definitions and Objectives: A Portfolio View of Risk -- COSO ERM Framework Model -- Other Dimensions of the ERM Framework -- Chapter 5: Implementing ERM in the Enterprise -- Roles and Responsibilities of an Enterprise Risk Management Function -- Risk Management Policies, Standards, and Strategies -- Business, IT, and Risk Transfer Processes -- Risk Management Reviews and Corrective Action Practices -- ERM Communications Approaches -- CRO and an Effective Enterprise Risk Management Function -- Chapter 6: Importance of Strong Enterprise Governance Practices -- History and Background of Enterprise Governance: A U.S. Perspective -- Enterprise Integrity and Ethical Behavior -- Disclosure and Transparency -- Rights and Equitable Treatment of Shareholders and Key Stakeholders -- Governance Role and Responsibilities of the Board -- Governance as a Key Element of GRC -- Chapter 7: Enterprise Compliance Issues Today -- Compliance Issues Today.

Establish a Compliance Assessment Team -- Compliance Risk Assessments and Compliance Program Reviews -- Work Unit-Level Compliance Tracking and Review Processes -- Compliance-Related Procedures and Staff Education Programs -- Enterprise Hotline Compliance and Whistleblower Support -- Assessing the Overall Enterprise Compliance Program -- Chapter 8: Integrating ERM with COSO Internal Controls -- COSO Internal Controls Background and Earlier Legislation -- Efforts Leading to the Treadway Commission -- COSO Internal Controls Framework -- COSO Internal Controls and COSO ERM: Compared -- Chapter 9: Sarbanes-Oxley and Enterprise Risk Management Concerns -- Sarbanes-Oxley Act Background -- SOx Legislation Overview -- Enterprise Risk Management and SOx Section 404 Reviews -- Internal Controls Reporting and Materiality -- PCAOB Risk-Based Auditing Standards -- Sarbanes-Oxley: The Other Sections -- SOx and COSO ERM -- Chapter 10: Corporate Culture and Risk Portfolio Management -- Whistleblower and Hotline Functions -- Risk Portfolio Management -- Integrated Enterprise-Wide Risk Management -- Chapter 11: OCEG Capability Model GRC Standards -- GRC Capability Model ''Red Book'' -- Other OCEG Materials: The ''Burgundy Book'' -- Level and Scope of the OCEG Standards-Setting Authority -- Chapter 12: Importance of GRC Principles in the Board Room -- Board Decisions and Risk Management -- Board Organization and Governance Rules -- Corporate Charters and the Board Committee Structure -- Audit Committees and Managing Risks -- Establishing a Board-Level Risk Committee -- Audit and Risk Committee Coordination -- COSO ERM and Corporate Governance -- Chapter 13: Role of Internal Audit in Enterprise Risk Management -- Internal Audit Standards for Evaluating Risk -- COSO ERM for More Effective Internal Audit Planning -- Risk-Based Internal Audit Findings and Recommendations.

COSO ERM and Internal Audit -- Chapter 14: Understanding Project Management Risks -- Project Management Process -- PMBOK® Guide: A Guide to the Project Management Book of Knowledge -- PMBOK® Guide's Project Manager Risk Management Approach -- Project-Related Risks: What Can Go Wrong -- Implementing ERM for Project Managers -- Chapter 15: Information Technology and Enterprise Risk Management -- IT and the COSO ERM Framework -- IT Application Systems Risks -- Effective IT Continuity Planning -- Worms, Viruses, and System Network Risks -- IT and Effective ERM Processes -- Chapter 16: Establishing an Effective GRC Culture throughout the Enterprise -- First Steps to Establishing a GRC Culture: An Example -- Promoting the Concept of Enterprise Risk -- Establishing of Enterprise-Wide Governance Awareness -- Enterprise Codes of Conduct -- Building a GRC Culture: Risk, Governance, and Compliance Education Programs -- Keeping the GRC Culture Current -- Chapter 17: ISO 31000 and 38500 Risk Management Worldwide Standards -- ISO Standards-Setting Process -- Understanding ISO 31000 -- ISO 38500: The Corporate Governance of IT -- Implementing an ISO Standard -- Chapter 18: ERM and GRC Principles Going Forward -- ERM and GRC for the Internal Controls Professional -- COSO's Ongoing Support Role -- COSO ERM and GRC Future Prospects -- About the Author -- Index.