The IIA: Managing Risk from the Mailroom to the Boardroom
Advice on implementing Enterprise Risk Management from The Institute of Internal Auditors (UK, 2003)


Few areas of corporate oversight are more important these days than the evaluation of the organization’s ability to manage risk. However, risk and control are virtually inseparable — like two sides of a coin — meaning that risks first must be identified and assessed; then managed and mitigated by the implementation of a strong system of internal control.

Enterprise Risk Management (ERM) is the process of identifying and analyzing risk from an integrated, companywide perspective. COSO’s ERM Framework offers boards and management — regardless of the organization’s size or scope — a commonly accepted model for discussing and evaluating the organization’s risk management efforts. This includes all activities geared toward meeting its strategic, operational, reporting, and compliance objectives. The framework focuses on the necessity of a consistent “risk and control consciousness” throughout the enterprise; the importance of considering risk during the formulation of strategy; and the interrelationships of risks across business units and at every level of the organization.

Managing Risk from the Mailroom to the Boardroom (PDF)