List Books » Enterprise Risk Management and COSO: A Guide for Directors, Executives and Practitioners
Authors: Harry Cendrowski, William Mair
ISBN-13: 9780470460658, ISBN-10: 0470460652
Format: Hardcover
Publisher: Wiley, John & Sons, Incorporated
Date Published: December 2009
Edition: (Non-applicable)
Harry Cendrowski, CPA, ABV, CFF, CFE, CVA, CFD, CFFA, is Managing Director and co-founder of Cendrowski Corporate Advisors, Cendrowski Selecky PC, and Prosperitas Group LLC. He has over twenty-five years of experience assisting firms with their corporate governance and risk management practices. Harry is also active in the private equity (PE) arena, and has assisted PE funds with their due diligence and operational activities. He frequently serves as an expert witness in the areas of forensic accounting, business valuation, and fraud investigation. He is coauthor of Private Equity: History, Governance, and Operations and The Handbook of Fraud Deterrence, both published by Wiley. Harry also serves as the Director of Fraud and Forensic Services for the International Association of Consultants, Valuators and Analysts and is coauthor of the training materials used to train every Certified Fraud Deterrence Analyst (CFD).
William C. Mair is a former partner at Touche Ross & Co. (now Deloitte), chief auditing officer, chief accounting officer, and board member of a registered investment company. He is currently a financial systems consultant. Bill has studied internal control from all angles and has written extensively on the subject. He is best known as lead author of Computer Control and Audit, a revolutionary book in the field of information systems auditing. The Information Systems Audit and Control Association (ISACA) voted Bill the fourth most influential person among the pioneers of information systems auditing in a study published by the EDP Auditor Journal.
The importance of risk management has increased in recent years as numerous accounting scandals, financial crises, and billion-dollar frauds have caused investors and organizations to lose large amounts of wealth. While practitioners, academia, and regulators have sought to define risk and develop a framework for analyzing it, an understandable, transparent approach has largely eluded directors and executives. Enterprise Risk Management and COSO introduces a holistic risk assessment methodology, building upon the original COSO framework and COSO's subsequent enterprise risk management publication. This methodology allows managers and risk assessment practitioners to accurately measure the levels of enterprise risk.
To better serve this mission, the book is divided into two sections. The first section introduces key tenets of enterprise risk management at a high level for directors and executives. The second section details quantitative risk management models for risk assessment practitioners. Within this latter section, the book presents a unique methodology to help organizations better understand and quantify the risks they face. This methodology serves as an invaluable guide to quantifying and assessing risks within selected groups of enterprise systems.
Enterprise Risk Management and COSO thoroughly provides clear-cut guidance on relevant topics including:
About the Contributors vii
Acknowledgments xi
Preface xiii
Section I Organizational Risk Management 1
Chapter 1 An Introduction to Risk 9
Chapter 2 Key Tenets of Enterprise Risk Management 17
Chapter 3 Mitigating Operational Risks Through Strategic Thinking 39
Chapter 4 Mitigating Risks in Internal Investigations and Insurance Coverage 53
Section II Quantitative Risk Management 67
Chapter 5 Recognized Control Frameworks: COSO-IC and COSO-ERM 75
Chapter 6 Other Control Frameworks 99
Chapter 7 Qualitative Control Concepts 113
Chapter 8 Quantitative Control Relationships 151
Chapter 9 Excel Applications 179
Chapter 10 Interdependent Systems 191
Chapter 11 Documentation 203
Chapter 12 The Process for Assessing Internal Control 219
Chapter 13 Monitoring Internal Controls 239
Chapter 14 Accounting Policies and Procedures 257
Chapter 15 Business Process Applications 273
Chapter 16 General and Infrastructure Systems 285
Chapter 17 Trusted System Providers 295
Chapter 18 Reporting on Internal Control 303
Chapter 19 Review and Acceptance of Assessments 311
Glossary 317
Appendix: Internal Control Sections of the Sarbanes-Oxley Act 319
Index 323