IT Audit and Control

Assignment: ERM Roadmap

The following material may be useful for the completion of this assignment. You may refer to the documents titled “Embracing Enterprise Risk Management: Practical Approaches for Getting Started” and “Developing Key Risk Indicators to Strengthen Enterprise Risk Management”, located at http://www.coso.org/-ERM.htm.

Imagine you are an Information Technology Manager employed by a business that needs you to develop a plan for an effective Enterprise Risk Management (ERM) program. In the past, ERM has not been a priority for the organization. Failed corporate security audits, data breaches, and recent news stories have convinced the Board of Directors that they must address these weaknesses. As a result, the CEO has tasked you to create a brief overview of ERM and provide recommendations for establishing an effective ERM program that will be used as a basis to address this area moving forward.

Write a three to four (3-4) page paper in which you:

  1. Summarize the COSO Risk Management Framework and COSO’s ERM process.
  2. Recommend to management the approach that they need to take to implement an effective ERM program. Include the issues and organizational impact they might encounter if they do not implement an effective ERM program.
  3. Analyze the methods for establishing key risk indicators (KRIs).
  4. Suggest the approach that the organization needs to take in order to link the KRIs with the organization’s strategic initiatives.
  5. Use at least three (3) quality resources in this assignment (in addition to and that support the documents from the COSO Website referenced in this assignment). Note: Wikipedia and similar Websites do not qualify as quality resources.

Your assignment must follow these formatting requirements:

  • Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA.
  • Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.

The specific course learning outcomes associated with this assignment are:

  • Describe the COSO enterprise risk management framework.
  • Describe the process of performing effective information technology audits and general controls.
  • Use technology and information resources to research issues in information technology audit and control.
  • Write clearly and concisely about topics related to information technology audit and control using proper writing mechanics and technical style conventions.

Grading for this assignment will be based on answer quality, logic / organization of the paper, and language and writing skills, using the following rubric.

Points: 125

Assignment 1: ERM Roadmap

| Criteria | Unacceptable (Below 70% F) | Fair (70-79% C) | Proficient (80-89% B) | Exemplary (90-100% A) |
| --- | --- | --- | --- | --- |
| 1. Summarize the COSO Risk Management Framework and COSO’s ERM process. Weight: 20% | Did not submit or incompletely summarized the COSO Risk Management Framework and COSO’s ERM process. | Partially summarized the COSO Risk Management Framework and COSO’s ERM process. | Satisfactorily summarized the COSO Risk Management Framework and COSO’s ERM process. | Thoroughly summarized the COSO Risk Management Framework and COSO’s ERM process. |
| 2. Recommend to management the approach that they need to take to implement an effective ERM program. Include the issues and organizational impact they might encounter if they do not implement an effective ERM program. Weight: 25% | Did not submit or incompletely recommended to management the approach that they need to take to implement an effective ERM program. Did not submit or incompletely included the issues and organizational impact they might encounter if they do not implement an effective ERM program. | Partially recommended to management the approach that they need to take to implement an effective ERM program. Partially included the issues and organizational impact they might encounter if they do not implement an effective ERM program. | Satisfactorily recommended to management the approach that they need to take to implement an effective ERM program. Satisfactorily included the issues and organizational impact they might encounter if they do not implement an effective ERM program. | Thoroughly recommended to management the approach that they need to take to implement an effective ERM program. Thoroughly included the issues and organizational impact they might encounter if they do not implement an effective ERM program. |
| 3. Analyze the methods for establishing key risk indicators. Weight: 20% | Did not submit or incompletely analyzed the methods for establishing key risk indicators. | Partially analyzed the methods for establishing key risk indicators. | Satisfactorily analyzed the methods for establishing key risk indicators. | Thoroughly analyzed the methods for establishing key risk indicators. |
| 4. Suggest the approach that the organization needs to take in order to link the KRIs with the organization’s strategic initiatives. Weight: 20% | Did not submit or incompletely suggested the approach that the organization needs to take in order to link the KRIs with the organization’s strategic initiatives. | Partially suggested the approach that the organization needs to take in order to link the KRIs with the organization’s strategic initiatives. | Satisfactorily suggested the approach that the organization needs to take in order to link the KRIs with the organization’s strategic initiatives. | Thoroughly suggested the approach that the organization needs to take in order to link the KRIs with the organization’s strategic initiatives. |
| 5. 3 references. Weight: 5% | No references provided | Does not meet the required number of references; some or all references poor quality choices. | Meets number of required references; all references high quality choices. | Exceeds number of required references; all references high quality choices. |
| 6. Clarity, writing mechanics, and formatting requirements. Weight: 10% | More than 6 errors present | 5-6 errors present | 3-4 errors present | 0-2 errors present |