Enterprise Risk Management

The AICPA Enterprise Risk Management (ERM) website provides resources to enable AICPA members to add value to their organization's and clients' ERM initiatives.

The discipline of enterprise risk management focuses on building risk management capabilities within the organization. This begins with risk assessment.

There is no 10- or 12-step program to implement, monitor and develop a program; instead, the work is guided by each entity's governing principles. Governance principles, frameworks and practices can be found within this section.

This section includes supplemental resources for implementation, execution of responsibilities and best practices related to Risk Assessment and Governance.


New Publication: Reporting Key Risk Information to the Board of Directors
The ERM Initiative at NC State University has recently released a thought paper, Reporting Key Risk Information to the Board of Directors, which includes examples of common practices organizations use to communicate top risks to their board of directors. This report highlights to whom they report risk information, how often that information is updated and when these reports are made, and it describes who is typically responsible for leading the risk discussion with the board of directors.
2016 Report on the Current State of Enterprise Risk Oversight: 7th Edition
This annual report provides a resource for benchmarking an organization’s approach to risk oversight against current trends. One notable area for improvement this year: Calls for Improved Enterprise-Wide Risk Oversight.
GAO Green Book: Standards for Internal Control in the Federal Government
The U.S. Government Accountability Office (GAO) issued its revision of Standards for Internal Control in the Federal Government in September 2014. Starting with fiscal year 2016, it sets the standards for an effective internal control system for federal agencies. An entity uses the Green Book to help achieve its objectives related to operations, reporting, and compliance.

ERM Products 

Risk Assessment for Mid-Sized Organisations: COSO Tools for a Tailored Approach, 2nd Edition

Offers guidance and practical tools designed to demystify risk identification at the enterprise or entity level and to help the user develop a tailored approach to the organisation’s risk management requirements. This edition contains COSO thought leadership and an overview of risk assessment approaches and techniques that have emerged as the most useful and sustainable for decision making.

Enterprise Risk Management: Guidance for Practical Implementation and Assessment

This new resource helps ensure the enterprise risk management process is well designed, executed, and successful. It leverages the concepts of existing frameworks as a foundation for providing examples, best practices, and guidance.

Copyright © 2006-2017 American Institute of CPAs.