Enterprise Risk Management

The AICPA Enterprise Risk Management (ERM) website provides resources to enable AICPA members to add value to their organization and client ERM initiatives.

The discipline of enterprise risk management focuses on building risk management capabilities within the organization. This begins with risk assessment.

There is no 10- or 12-step program for implementing, monitoring and developing an ERM program; instead, each program is guided by its entity's governing principles. Governance principles, frameworks and practices can be found within this section.

This section includes supplemental resources for implementation, execution of responsibilities and best practices related to Risk Assessment and Governance.

New Publication: 2017 Report on the Current State of Enterprise Risk Oversight, 8th Edition
NC State’s ERM Initiative, in partnership with the American Institute of CPAs, just released its 2017 report, The State of Risk Oversight: An Overview of Enterprise Risk Management Practices. Based on survey responses from 432 business executives spanning a number of industries, types and sizes of organizations, the report provides detailed insights about the maturity of their organizations’ current enterprise risk management (ERM) practices. This is the eighth year that NC State has conducted similar research in partnership with the AICPA.
Executive Perspectives on Top Risks for 2017
Executive Perspectives on Top Risks for 2017: Key Issues Being Discussed in the Boardroom and C-Suite summarizes the top risks that executives and board members see on the horizon for 2017 and provides an analysis of top risk concerns across a number of industries, sizes of organizations, and executive positions. The report is a reminder of the need to devote more resources to risk management and risk oversight given the complexities and risks within the global business environment.
GAO Green Book: Standards for Internal Control in the Federal Government
The U.S. Government Accountability Office (GAO) issued its revision of Standards for Internal Control in the Federal Government in September 2014. Starting in fiscal year 2016, it sets the standards for an effective internal control system for federal agencies. An entity uses the Green Book to help achieve its objectives related to operations, reporting, and compliance.

ERM Products 

Risk Assessment for Mid-Sized Organisations: COSO Tools for a Tailored Approach, 2nd Edition

Offers guidance and practical tools designed to demystify risk identification at the enterprise or entity level and to help the user develop a tailored approach to the organisation’s risk management requirements. This edition contains COSO thought leadership and an overview of risk assessment approaches and techniques that have emerged as the most useful and sustainable for decision making.

Enterprise Risk Management: Guidance for Practical Implementation and Assessment

This new resource helps ensure the enterprise risk management process is well designed, executed, and successful. It leverages the concepts of existing frameworks as a foundation for providing examples, best practices, and guidance.

© 2017 Association of International Certified Professional Accountants. All rights reserved.