COSO

IF - R

Risk Assesment

IF - R Acronym

SAFR Specify objectives Assess identified changes Fraud potential Risk identification and analysis

ERM - R Acronym

SIR Substantial change assessed Improvement in ERM pursued Reviews risk and performance

ERM - O1 Acronym

SOAR Strategies evaluated Objectives formulated Analyze business context Risk appetite defined

IF - M Acronym

SOD Seperate & Ongoing evaluations Deficiencies Communicated

ERM - O Acronym

TIP Technology and information leveraged Information about risk communicated Performance, risk, and culture reported

ERM - P Acronym

VAPIR View developed Assess severity of risk Prioritize risk Identify risk Response to risk implemented

IF - E Acronym

CAT P Control activities Technology controls Policies and procedures

IF - C

Control Environment

ERM - G Acronym

DOVES Desired Culture Oversight Value Commitment Employees Structure

IF - C Acronym

EBOCA Ethical Commitment Board independence and oversight Organizational Structure Competence Accountability

IF - E

Existing Controls

ERM - G

Governance and Culture

IF - I

Information and Communication

IF - M

Monitoring

IF I Acronym

OIEI Obtain and use info Internally communicate info External party info

ERM - O

Objective Setting

ERM - O

Ongoing information, communication, and reporting

ERM - P

Performance

ERM - R

Review and Revision