Loading ...
Sorry, an error occurred while loading the content.

REVIEW: "COSO Enterprise Risk Management", Robert R. Moeller

Expand Messages
  • Rob, grandpa of Ryan, Trevor, Devon & Ha
    BKCOSERM.RVW 20070506 COSO Enterprise Risk Management , Robert R. Moeller, 2007, 0-471-74115-9 %A Robert R. Moeller %C 5353 Dundas Street West, 4th
    Message 1 of 1 , Aug 6, 2007
    • 0 Attachment
      BKCOSERM.RVW 20070506

      "COSO Enterprise Risk Management", Robert R. Moeller, 2007,
      %A Robert R. Moeller
      %C 5353 Dundas Street West, 4th Floor, Etobicoke, ON M9B 6H8
      %D 2007
      %G 0-471-74115-9 978-0-471-74115-2
      %I John Wiley & Sons, Inc.
      %O 416-236-4433 fax: 416-236-4448
      %O http://www.amazon.com/exec/obidos/ASIN/0471741159/robsladesinterne
      %O http://www.amazon.ca/exec/obidos/ASIN/0471741159/robsladesin03-20
      %O Audience i- Tech 1 Writing 1 (see revfaq.htm for explanation)
      %P 367 p.
      %T "COSO Enterprise Risk Management"

      The inclusion of "COSO" (the Committee Of Sponsoring Organizations of
      the Treadway Commission) in the title indicates that this work takes a
      corporate, and particularly financial, perspective with respect to
      risk management. The fact that the first paragraph of the preface
      makes reference to the key (if rather vague) phrase "internal
      controls" reinforces this idea. It is, therefore, somewhat ironic
      that the introduction complains that risk management is poorly defined
      and understood. The concept of internal control is similarly
      nebulous, and a badly understood abstraction can hardly be expected to
      result in advice likely to lead to solid implementations by the
      readers of the book.

      Chapter one is a general introduction to the perceived need for COSO
      and internal controls. With yet more unintentional incongruity there
      is heavy emphasis on ethics and philosophy within the organization.
      (An ethical enterprise would presumably have no need for internal
      controls.) A traditional risk management process is outlined in
      chapter two. (There is a great deal of consideration given to
      surveys, but little to either hard facts or statistics.) Chapter
      three's review of "enterprise" risk management reiterates a good deal
      of the previous material. The COSO risk management components are
      noted, mostly in regard to the highest corporate levels. The
      additional COSO dimensions of objectives and entity levels are covered
      in chapter four. Chapter five repeats content on roles,
      responsibilities, and process aspects of risk management. The history
      of the initial (1992 version) COSO structure is given in chapter six.

      Chapter seven provides background on the Sarbanes-Oxley law, and some
      relations to the COSO framework. Audit is discussed in both chapters
      eight and nine, first with respect to the board, and then in regard to
      internal audit activities. The project management cycle is reviewed
      in chapter ten: unlike most similar pieces in risk management books,
      this one at least addresses specific functions regarding risk
      management. Chapter eleven purportedly ties enterprise risk
      management to information technology, but the topics are limited to
      application development, business continuity, and malware.

      Chapter twelve's suggestions on building a risk culture follow the
      usual advice on creating a security awareness program. Various
      national financial standards and regulations are noted in chapter
      thirteen. In chapter fourteen the author ruminates on what should
      happen with risk management in the future.

      This book is almost identical in content and style to numerous others
      on similar topics, such as Marchetti's "Beyond Sarbanes-Oxley
      Compliance" (cf. BKBYNSOX.RVW), "Security Controls for Sarbanes-Oxley
      Section 404 IT Compliance" by Brewer (cf. BKSCSOXC.RVW), Lahti and
      Peterson's "Sarbanes-Oxley IT Compliance Using COBIT and Open Source
      Tools" (cf. BKSOITCU.RVW), and the rather better "Beyond COSO", by
      Steven J. Root (cf. BKBECOSO.RVW). The writing and material may
      provide some assistance with a risk management process, but the
      central points could have been provided in a clearer and more concise

      copyright Robert M. Slade, 2007 BKCOSERM.RVW 20070506

      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... slade@... rslade@...
      ...a State, which dwarfs its men, in order that they may be more
      docile instruments in its hands even for beneficial purposes,
      will find that with small men no great thing can really be
      - John Stuart Mill (1806-1873), On Liberty and Utilitarianism
    Your message has been successfully submitted and would be delivered to recipients shortly.