Risk assessment ? the process of analyzing risks from the perspective of the liklihood of the risk's occurring and the potential impact of the event if it does occur ? is the core of an Enterprise Risk System (ERM). However, it is not the basis for the other components.
Identification of the organization's strategic objectives is an important component of an Enterprise Risk Management (ERM) system. However, it is not the basis for the other components.
Control activities are the policies and procedures implemented to ensure that risk responses are effectively implemented. They are not the basis for the other components.
The internal environment of the organization ? the attitude in the organization toward risk and risk management ? is the basis for all the other components of an Enterprise Risk Management (ERM) system.
|
