(7)What are components of Enterprise Risk Management?

 Answer: ERM consists of following 8 components that are interrelated. They are derived from the way management runs a business.

(1)Internal Environment: This component reflects an entity's enterprise risk management philosophy and commitment.

(2)Event Identification: This component reflects identification of potential events that have impact on entity. Potentially negative events represent risks whereas potentially positive events represent opportunities.

(3)Objective Setting:  ERM ensures that management has a process for setting objectives. Objective setting is a pre-condition to event identification, risk assessment and risk response.

(4)Information & Communication: The organization communicates relevant information in a timely manner. Effective communication flows down, across and up the organization.

(5)Risk Assessment: The likelihood and impact of risks are assessed. Risks are assessed on both inherent as well as residual basis.

(6)Risk Response: Management considers alternative risk response options. Risk response can be in form of avoiding, accepting, reducing or sharing of risk. 

(7)Control Activities: Management implements control activities like policies and procedures throughout the organization for managing risk.

(8)Monitoring: ERM system should be monitored and modified, if required.