November 14, 2005

Using Risk Management Frameworks

By Larry Lake, Protiviti Managing Director

The attached presentation was given at the annual conference of the Association of Healthcare Internal Auditors in 2005. These presentation addresses three primary topics:

  • What are Risk Management Frameworks and Why have them?
  • What is a Risk Control Matrix, COSO, COBIT, Risk Universe, Key Controls, Critical Controls?
  • Using them in SOA and ERM
The presentation illustrates a risk framework and risk control matrix, and defines Entity-level Controls, Process-Level Controls, and General IT and Application Controls.

It also defines and discusses control types:
  • Manual vs. System-based controls
  • Preventive vs. Detective controls
  • Key controls vs. Critical controls
  • Primary vs. secondary controls
  • Controls over routine processes vs. controls over non-routine processes
Descriptions and details are provided for the COSO framework, the COSO ERM framework and the COBIT framework. The presentation concludes by discussing the elements and implementation of an Enterprise Risk Management solution.


View the full presentation:

Using Risk Management Frameworks.ppt

(51 pages, 6.6 MB)

SIGN UP FOR A 30-DAY FREE TRIAL

We invite you to use the tools and resources within KnowledgeLeader for free for 30 days so you can discover for yourself how this service will improve your internal audit and risk management capabilities.

Your free trial will expire automatically. There is no obligation to purchase a subscription.

   

LEARN MORE