Imagine you are an information technology manager employed by a business that needs you to develop a plan for an effective enterprise risk management (ERM) program. ERM has not been a priority for the organization, but failed corporate security audits, data breaches, and recent news stories have convinced the board of directors that they must address these weaknesses. As a result, the CEO has asked you to create a brief overview of ERM and provide recommendations for establishing an effective ERM program to address this area.
Write a 3–4 page paper in which you:
- Summarize the COSO Risk Management Framework and COSO’s ERM process.
- Recommend the approach management should take to implement an effective ERM program. Include the issues and organizational impact the business might encounter if it does not implement an effective ERM program.
- Analyze the methods for establishing key risk indicators (KRIs).
- Suggest the approach that the organization should take to link the KRIs with the organization’s strategic initiatives.
- Use at least three quality resources in this assignment (in addition to—and which support—the documents from the COSO website referenced in this assignment). Note: Wikipedia and similar websites do not qualify as quality resources.