
Enterprise Risk Management as an Internal Control Framework Research Paper

Updated: Sep 7th, 2021


Enterprise risk management (ERM) can be defined as a set of methods and processes that organizations use to manage risks that might emerge in the course of their development and to mitigate their negative impacts (Hopkin 23). The ERM framework therefore presupposes the identification of events or processes important for a firm in order to reveal the probability of unexpected outcomes or risks that will affect the strategy and development of the organization (Green 24). Using this framework, many companies gain a chance to protect their business ventures from failure and create appropriate conditions for further evolution. For this reason, the ERM framework remains a potent tool that involves many stakeholders, such as employees, clients, owners, authorities, and other significant agents (Hagen 56). By analyzing how all these agents cooperate and influence a firm with the help of ERM, a specialist gains an opportunity to avoid complications.

The main principles of this framework are:

  • Identification – to correctly identify the activity that should be evaluated
  • Analysis – in-depth investigation of the selected issue to determine if any risks exist
  • Integration – can be performed via the evaluation of possible outcomes and their impact on the organization
  • Prioritization – rank existing risks to decide which factors should be considered and given attention first
  • Risk management – creation and implementation of strategies to avoid or minimize the negative impact of undesired factors
  • Monitoring – continuous monitoring of the current setting to avoid new similar cases (Yadunath)

These main principles of the ERM framework show how it works and prove that the model can be implemented at any stage of the company’s development via the analysis of problematic areas and the introduction of appropriate measures to control its further evolution.

Like any management tool, the ERM framework has advantages and disadvantages that affect the sphere of its use and the situations to which it can be applied.

Advantages:

  • Simplicity – can be utilized by the majority of managers
  • Flexibility – fits different settings
  • Standardized risk reporting – uses well-known schemes
  • Focus on risk – helps to reveal problematic spheres
  • Effective use of resources – no need for additional expenses
  • Effective coordination – promotes a better understanding at different levels (Viscelli et al.)

Disadvantages:

  • Complex predictions – results of ERM’s application might be vague
  • External factors’ dependence – effectiveness of the model depends on many external variables
  • Integration with the strategy – the wrong strategy can be selected because of poor risk management
  • Time – the majority of activities demand time to be performed (Yadunath)

Nevertheless, despite these advantages and disadvantages, the ERM framework remains an important and effective method to improve the work of organizations by helping them to avoid critical failures.

The model can be implemented in several steps:

  • Define the existing problem or area that should be investigated because of its strategic importance
  • Perform the in-depth strategic analysis of all possible complications that might emerge in the course of the selected issue’s development
  • Outline the undesired effects with the highest probability and poor outcomes
  • Select a strategy that can help to minimize risks (avoidance, reduction, acceptance)
  • Continuous monitoring of the environment to remain informed
  • Effective internal audit to evaluate the state of the company (Hampton 89).

The given model shows that implementation of the ERM framework has several standard steps that should be taken with the primary goal of avoiding unexpected outcomes and creating the basis for the firm’s future rise.

Case Study

New Furniture is a successful local manufacturer and distributor of furniture and elements of design. The company has a stable income preconditioned by the interest of its target group, which consists of young and middle-aged people who want to buy new and fashionable sofas, armchairs, and other pieces. Because of its local success, high revenues, and accumulation of funds, the company starts developing a new strategy to enter the international market. It will help the company to move further and become a more significant player in this market segment.

To avoid failure, the ERM framework is used. The company outlines the risk of unsuccessful international development and starts to analyze all possible threats. The new working environment and culture of target areas are investigated. In accordance with the model, the firm devotes attention to finding ways to avoid the risk of poor outcomes by analyzing all similar cases and assessing its current resources. As a result of these activities, a list of possible complications is created, along with strategies to overcome them (Yadunath). Further monitoring of the situation is performed to remain informed about changes. Adhering to the ERM framework, the company manages to avoid risks and future failures.

CoCo Internal Control Framework

Any modern company faces many challenges that might deteriorate its work. That is why there is a need to minimize risks that can result in failure and to improve the effectiveness of the financial sphere. These tasks are performed via specific controls that include procedures, processes, and many methods that are used by the top management to promote better effectiveness and decision-making (Hutchins 76). Their monitoring can be performed via the criteria of control (CoCo) framework that is focused on the achievement of outstanding results by offering various aspects to be used by specialists. This approach was first introduced by the Canadian Institute of Chartered Accountants in 1995, and since that time has remained a topical and relevant method to attain success (Hutchins 76). Its focus on the most important elements of firms’ management ensures that the background for further successful evolution will be created and significant risks avoided.

The CoCo Internal Control Framework can be defined as a model that presupposes an improved understanding of the way an organization functions via the introduction of objectives and strategies to deal with internal and external risks faced by the firm in the course of its evolution and growth. It includes multiple control criteria that are offered to make the work of managers who evaluate risks more effective (Blokdyk 87). The main areas that are emphasized by this approach are purpose, commitment, capability, monitoring, and learning (Lam 54). That is why there is a focus on the necessity to improve all these spheres to achieve positive outcomes and ensure that the company will continue to evolve. The main principles of CoCo presuppose effectiveness and efficiency of all operations, reliability of internal and external reporting as the key to success, and the need to follow regulations and policies (Lundqvist 400). In such a way, the framework helps to achieve better results by touching upon the vital aspects.

Implementation of the model presupposes several stages:

  • Creation of the criteria of control
  • Introduction of these criteria into the work of the company
  • Improvement of financial reporting
  • Monitoring of the situation
  • Better risk assessment
  • Elimination of possible risks of financial failures (Olson and Wo 91)

The flexibility of this model means that its implementation depends on existing peculiarities of companies’ functioning and what difficulties they face in the course of development. However, the main idea is to outline criteria relevant to the situation and adhere to them.

The basic principles of the CoCo framework are:

  • Continuity of internal control – it is a process that should be performed by managers
  • The critical role of employees – everyone should realize their role in the development of a certain project
  • Reasonable criteria should be offered – only the results of the analysis can be used for planning
  • Objectives’ achievement – the company should focus on following existing goals (Moeller, COSO Enterprise Risk Management 67)

The given major principles can be implemented into the company’s functioning via the creation of the environment that presupposes the strict observance of outlined rules and provision of workers with information that will help them to follow these central principles.

Case Study

GreenFarmCo is a local company growing and selling vegetables to communities in the area. Its products were traditionally demanded by customers because of the good combination of quality and price. It has a positive image among clients as it is a family-owned business that emphasizes its eco-friendly nature. However, during the last half of the year, the financial aspect of GreenFarmCo has transformed into a problematic issue. Despite the same level of interest from clients and purchases, there is a slight decline in income. The firm has run a new project aimed at growing fruits, but at the moment it seems too cost-demanding. In such a way, there is a critical need for the introduction of a framework that will help to evaluate the current situation and assess the further risks related to the company’s evolution.

Implementation of the CoCo framework is expected to improve the situation and become one of the potent solutions. First, evaluation criteria should be introduced to deal with risks related to the new business venture of growing fruits. These criteria include purpose, commitment, capability, and monitoring. The purpose is the improvement of the company’s work and generation of income. Commitment presupposes that current HR policies are effective. Capability stands for the firm’s ability to support the project. Monitoring presupposes the future analysis of data. At the moment, the company faces problems regarding capability as there is a lack of financial resources to guarantee the successful evolution of fruit-growing activities. That is why, to improve its work, there is a critical need for the reduction of money spent on fruits to support the further rise.

COBIT Framework

The modern business sphere experiences a significant transformation because of the growing importance of technologies. That is why many managers need support on how to use information and technology (I&T) in real-life conditions to optimize the work of the company, decrease various risks, and ensure that the best possible results are achieved. The demand for this tool results in the evolution of new methods and approaches to risk management that include improved knowledge of digital transformation and its role in the development of organizations (ISACA, “COBIT 2019 Framework”). The COBIT framework can be considered one of the new paradigms that provide boards of directors and senior management with a set of tools that can be used to replace old practices and create new ones with the main goal of achieving success.

The COBIT framework can be defined as an approach for the management of an organization’s information and technology sector to guarantee that the topical purposes are taken into account and are accomplished with the help of the IT sector. In other words, the whole unit should be affected by this sort of activity with the primary aim of creating the basis for successful technology implementation. The model differentiates between governance and management to increase the effectiveness in both these spheres and achieve significant success. The main principles of the model include flexibility, openness, relevance, perspective application, and IT management (ISACA, “COBIT 2019 Framework”). These concepts precondition the high effectiveness of the approach and its ability to help companies.

The implementation of COBIT presupposes several stages:

  • Initiate the program – define what the main drivers are
  • Define main problems – describe the current state of the company
  • Create the road map – outline long- and short-term perspectives
  • Plan all actions – determine what activities should be performed
  • Work in accordance with the plan – guarantees achievement
  • Analyze current achievement – analysis of available benefits to determine the effectiveness
  • Review the approach – helps to eliminate gaps and problems (ISACA, COBIT 2019 Implementation Guide 89)

This implementation plan shows the flexibility of the model and its ability to fit various companies’ needs.

There are also several principles peculiar to the model:

  • every company needs an effective governance system
  • an I&T system consists of multiple elements
  • a system should be flexible and dynamic
  • a system should be related to existing needs
  • a system should focus not only on the IT function but on the whole company (ISACA, “COBIT 2019 Framework”)

Observation of these principles guarantees the creation of an effective framework that can be used to achieve success.

Case Study

Your Comfort is a company that provides a range of delivery services to its clients, starting with food and ending with clothes. It is a popular company that is known for its ability to satisfy the diverse needs of loyal clients. The company utilizes a database that contains information about the preferred products of various customers, which helps it to work fast and effectively. However, with further growth, its ability to organize fast delivery decreases. There are numerous problems with the identification of the needed product and selection of the best possible time to provide clients with the required objects. These are associated with problems in the IT sphere because of the inappropriate work of available databases and their inability to meet new diversified demands.

Implementation of COBIT as the primary tool to manage the sphere of information and technologies is expected to improve this sphere. First, it will help to show how to replace the old system with a new one. Management working for the company will be provided with information about the use of new, more effective database engines to handle knowledge about clients more effectively and guarantee that they will be provided with the needed products or other things in time (Moeller, Executive’s Guide to IT Governance 77). Moreover, the COBIT framework will help to use I&T in multiple spheres of the company’s work to improve HR management and guarantee that all workers will remain satisfied with their current position. In such a way, the use of the given model will contribute to the improved results of Your Comfort and help it to remain attractive to customers who appreciate fast and effective delivery.

Works Cited

Blokdyk, Gerardus. Cobit a Complete Guide. 5starcooks, 2018.

Green, Philip. Enterprise Risk Management: A Common Framework for the Entire Organization. Butterworth-Heinemann, 2015.

Hagen, Brian. The Problem, Risk, and Opportunity Enterprise Management. Probabilistic Publishing, 2018.

Hampton, John. Fundamentals of Enterprise Risk Management: How Top Companies Assess Risk, Manage Exposure, and Seize Opportunity. 2nd ed., AMACOM, 2014.

Hopkin, Paul. Fundamentals of Risk Management: Understanding, Evaluating and Implementing Effective Risk Management. 5th ed., Kogan Page, 2018.

Hutchins, Greg. ISO 31000: 2018 Enterprise Risk Management. Certified Enterprise Risk Manager (R) Academy, 2018.


ISACA. COBIT 2019 Implementation Guide: Implementing and Optimizing an Information and Technology Governance Solution. ISACA, 2018.

Lam, James. Implementing Enterprise Risk Management: From Methods to Applications. Wiley, 2017.

Lundqvist, Sara A. “An Exploratory Study of Enterprise Risk Management: Pillars of ERM.” Journal of Accounting, Auditing & Finance, vol. 29, no. 3, 2014, pp. 393–429, Web.

Moeller, Robert. COSO Enterprise Risk Management: Establishing Effective Governance, Risk, and Compliance Processes. 2nd ed., Wiley, 2011.

Moeller, Robert. Executive’s Guide to IT Governance: Improving Systems Processes with Service Management, COBIT, and ITIL. Wiley, 2013.

Olson, David, and Desheng, Wo. Enterprise Risk Management Models. 2nd ed., Springer, 2017.

Viscelli, Therese R., et al. “Research Insights About Risk Governance: Implications from a Review of ERM Research.” SAGE Open, vol. 6, no. 4, 2016, Web.

Yadunath, Nityashree. Saviom, 2019, Web.
