business that needs you to develop a plan for an effective Enterprise Risk Management (ERM) program. In the past, ERM has not been a priority for the organization. Failed corporate security audits, data breaches, and recent news stories have convinced the Board of Directors that they must address these weaknesses. As a result, the CEO has tasked you to create a brief overview of ERM and provide recommendations for establishing an effective ERM program that will be used as a basis to address this area moving forward.
Write a three to four (3-4) page paper in which you:
1. Summarize the COSO Risk Management Framework and COSO’s ERM process.
2. Recommend to management the approach that they need to take to implement an effective ERM program. Include the issues and organizational impact they might encounter if they do not implement an effective ERM program.
3. Analyze the methods for establishing key risk indicators (KRIs).
4. Suggest the approach that the organization needs to take in order to link the KRIs with the organization’s strategic initiatives.
5. Use at least three (3) quality resources in this assignment (in addition to and that support the documents from the COSO Website referenced in this assignment). Note: Wikipedia and similar Websites do not qualify as quality resources.
Your assignment must follow these formatting requirements:
· Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.
· Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.
The specific course learning outcomes associated with this assignment are:
· Describe the COSO enterprise risk management framework.
· Describe the process of performing effective information technology audits and general controls.