Abstract
This paper aims to discuss the concepts and methodological issues of enterprise risk management (ERM). The case study of company A shows that ERM has been implemented and integrated with management control as a means of monitoring its subsidiaries. First, ERM system was implemented through comprehensive review of corporate risk policies, risk management processes, roles and responsibilities, and risk culture. Second, company A integrated ERM with the existing management control system in order to evaluate the risk underlying the current management activities. Finally, ERM implementation was expanded to all subsidiaries so that each business unit would be delegated for its own risk management. This paper provides insight on the process how group-level internal auditors can use ERM as a tool to manage risk of subsidiaries, thereby filling the gap between academic research and practice. This successful ERM adoption case can be used as a guideline for other organizations, which plan to adopt ERM with reduced costs and improved processes.
Highlights
Bankruptcies of Enron and Worldcom in early 2000s proved that companies which achieved shortterm growth and profitability through fraudulent accounting and falsehood contracting failed
This paper provides insight on the process how group-level internal auditors can use enterprise risk management (ERM) as a tool to manage risk of subsidiaries, thereby filling the gap between academic research and practice
Enterprise risk management (ERM) has emerged as a paradigm for managing various kinds of risks faced by organizations, and the trend is to focus on its role in improving risk management and enterprise value
Summary
Corporate control itself does not create value. Rather, it is a mechanism that can be used to manage an entity’s objective, strategies, and risk. In responding to demands of external environment, internal audit function hasexpanded and become a department in charge of ERM, playing a leading role in monitoringvarious ERM components (information & communication, control activities, risk response, risk assessment, event identification, objective setting, internal environment) based on COSO 2 ERM Framework. Strategic Reporting Compliance Monitoring Information & communication Control activities Risk response Risk assessment Event identification Objective setting Internal environment. A continuous audit is generally defined as “a methodology that enables independent auditors to provide written assurance on a subject matter, for which an entity’s management is responsible, using a series of auditors’ reports issued virtually simultaneously with, or a short period of time after, the occurrence of events underlying the subject matter (CICA/AICPA Committee, 1999)” As confirmed by this definition, a continuous audit requires auditors with expertise who can monitor information processed through ERP system and a continuous monitoring system as an infrastructure that can be utilized by auditors. This will enable comprehensive risk management at process level, which is the main concern of strategic risk management and continuous audit system
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
