1 Origins of COSO instrumental bluegrass, hypnagogic shoegaze, acoustic chicago blues cape verdean, afrikaner folk drill Learn how the Committee of Sponsoring Organizations (COSO) emerged in 1985 when five major accounting and auditing organizations united to combat rising financial fraud and corruption. Discover the foundational story behind one of the most influential frameworks in enterprise risk management and internal controls.
2 The 2004 ERM Framework instrumental bluegrass, hypnagogic shoegaze, acoustic chicago blues cape verdean, afrikaner folk drill Learn how COSO transformed risk management in 2004 by expanding their internal control framework into a comprehensive eight-component cube model. Discover the foundational elements from internal environment and objective setting to event identification that revolutionized enterprise risk management practices.
3 The 2017 Revision: Strategy and Performance afroswing new wave, harpischord acid jazz, arabic mariachi Explore how COSO transformed its rigid 2004 eight-component cube into a dynamic 2017 framework that shifts focus from mere compliance to strategic risk management in our rapidly evolving business landscape. Learn the key improvements that enable organizations to better integrate risk considerations into strategy-setting and performance optimization.
4 Relationship to COSO 2013 Internal Control afroswing new wave, harpischord acid jazz, arabic mariachi Explores how the 2013 COSO Internal Control framework serves as a foundational subset within the broader 2017 Enterprise Risk Management framework, helping listeners understand the interconnected relationship between these two essential business governance tools.
1 The Five Components samba dirty south, bossa nova, koto drill and bass, egyptian swing Discover the five interconnected components that form the foundation of effective enterprise risk management, learning how these elements work together to guide organizations from mission to value creation.
2 The Twenty Principles dreamy acid house, acid techno avant-garde jazz, urdu jazz Explore the foundational governance and cultural elements that form the bedrock of effective enterprise risk management, learning how board oversight, organizational structures, and capable personnel create the essential framework for managing business risks.
3 The Ribbon Model instrumental bluegrass, hypnagogic shoegaze, acoustic chicago blues cape verdean, afrikaner folk drill Learn how the dynamic Ribbon Model revolutionizes enterprise risk management by replacing static cube structures with flowing, interconnected visual elements that seamlessly link organizational missions to strategic goals.
1 Principle 1: Exercises Board Risk Oversight instrumental bluegrass, hypnagogic shoegaze, acoustic chicago blues cape verdean, afrikaner folk drill Learn how corporate boards must elevate beyond simple risk registers to truly understand and oversee the strategic risks that flow from every business decision. Discover the fundamental responsibilities that separate effective board oversight from mere administrative review.
2 Principle 2: Establishes Operating Structures afroswing new wave, harpischord acid jazz, arabic mariachi Learn how organizational design, reporting relationships, and authority structures form the backbone of effective enterprise risk management within your company's operational framework. Discover why clear roles, information flow, and governance hierarchies serve as critical defense mechanisms against business risks.
3 Principle 3: Defines Desired Culture ambient house 16-bit, bengali surf, acoustic texas blues chillstep Learn how organizational culture goes beyond mission statements to become the foundation that determines whether enterprise risk management succeeds or fails in practice. Discover why shared values and behaviors under pressure are the true drivers of effective risk culture within any organization.
4 Principle 4: Demonstrates Commitment to Core Values dreamy acid house, acid techno avant-garde jazz, urdu jazz Learn how organizations can maintain their ethical foundation by embedding core values into daily operations and decision-making processes, especially when facing pressure to compromise. Discover practical strategies for transforming values from wall decorations into living standards that guide behavior during challenging situations.
5 Principle 5: Attracts, Develops, and Retains Capable Individuals instrumental bluegrass, hypnagogic shoegaze, acoustic chicago blues cape verdean, afrikaner folk drill Learn how organizations build resilient risk management by strategically attracting, developing, and retaining skilled professionals who possess both technical expertise and sound judgment. Discover the critical importance of matching competencies to specific risk roles and creating teams with the right mindset to identify and address emerging threats.
1 Principle 6: Analyzes Business Context samba dirty south, bossa nova, koto drill and bass, egyptian swing Learn how to thoroughly analyze your business environment by examining external forces like economic trends, political changes, technology shifts, and regulatory requirements before setting strategic direction. This principle teaches you to map the complete landscape of factors that could impact your organization's risk profile and strategic objectives.
2 Principle 7: Defines Risk Appetite ambient house 16-bit, bengali surf, acoustic texas blues chillstep Learn how organizations establish their risk appetite as a comprehensive guidance system that combines qualitative narratives with quantitative measures to direct decision-making at every business level. Discover why risk appetite goes far beyond a single number to become a strategic framework that helps boards and management balance safety with opportunity.
3 Principle 8: Evaluates Alternative Strategies dreamy acid house, acid techno avant-garde jazz, urdu jazz Learn how organizations systematically evaluate multiple strategic options by analyzing the unique risks and opportunities each path presents before making critical business decisions. This principle ensures companies don't just choose strategies that sound appealing, but thoroughly assess potential dangers and missed opportunities across all alternatives.
4 Principle 9: Formulates Business Objectives instrumental bluegrass, hypnagogic shoegaze, acoustic chicago blues cape verdean, afrikaner folk drill Learn how to transform your strategic vision into actionable business objectives across operations, reporting, and compliance while recognizing the inherent risks that come with every goal you set. This principle bridges the critical gap between strategic planning and practical implementation in enterprise risk management.
1 Principle 10: Identifies Risk acid house, slushwave acid house Organizations learn to systematically identify and monitor threats and opportunities across all business levels through continuous, comprehensive risk assessment processes that protect strategic objectives and daily operations.
2 Principle 11: Assesses Severity of Risk ambient house 16-bit, bengali surf, acoustic texas blues chillstep Learn how to properly evaluate and measure enterprise risks by assessing both their potential impact and likelihood of occurrence. This principle teaches the critical skill of determining risk severity to prioritize organizational response efforts effectively.
3 Principle 12: Prioritizes Risks afroswing new wave, harpischord acid jazz, arabic mariachi Learn how to effectively sort and rank enterprise risks based on their potential impact and urgency, discovering strategic approaches to allocate limited resources where they matter most while distinguishing between risks that require immediate attention and those that can wait.
4 Principle 13: Implements Risk Responses samba dirty south, bossa nova, koto drill and bass, egyptian swing Learn the five essential risk response strategies that organizations can deploy when threats emerge, from accepting manageable risks to completely avoiding others, ensuring your enterprise remains resilient and well-protected.
5 Principle 14: Develops Portfolio View instrumental bluegrass, hypnagogic shoegaze, acoustic chicago blues cape verdean, afrikaner folk drill Organizations learn to move beyond siloed risk assessment by developing a comprehensive portfolio view that aggregates individual risks to reveal hidden interconnections and cumulative exposures across the entire enterprise.
1 Principle 15: Assesses Substantial Change acid house, slushwave acid house Organizations must develop robust monitoring systems to detect and evaluate significant changes in their business environment, from market shifts and regulatory updates to leadership transitions and technological disruptions that could impact their risk profile and strategic direction.
2 Principle 16: Reviews Risk and Performance afroswing new wave, harpischord acid jazz, arabic mariachi Organizations learn to balance performance celebration with critical risk assessment, discovering how strong quarterly results can mask underlying vulnerabilities that threaten future success.
3 Principle 17: Pursues Improvement in Enterprise Risk Management instrumental bluegrass, hypnagogic shoegaze, acoustic chicago blues cape verdean, afrikaner folk drill Learn how enterprise risk management frameworks must continuously evolve and adapt through maturity models, lessons learned, and changing business contexts. Discover why treating ERM as a living, breathing system rather than a static process is essential for organizational growth and resilience.
1 Principle 18: Leverages Information and Technology acid house, slushwave acid house Learn how organizations can harness the power of quality data and robust technology infrastructure to enhance their enterprise risk management capabilities. Discover why prioritizing data integrity over volume creates more reliable risk assessment and decision-making processes.
2 Principle 19: Communicates Risk Information ambient house 16-bit, bengali surf, acoustic texas blues chillstep Learn how organizations can establish effective communication channels that ensure critical risk information flows freely throughout all levels of the company, creating a culture where employees feel safe to report potential threats without fear of retribution.
3 Principle 20: Reports on Risk, Culture, and Performance samba dirty south, bossa nova, koto drill and bass, egyptian swing Organizations learn how to create comprehensive reporting systems that effectively communicate risk assessments, cultural health metrics, and performance indicators across all levels of the enterprise. The discussion covers dashboard design, heat mapping techniques, and strategies for ensuring critical information flows seamlessly between boardrooms and operational teams.
1 Risk as Both Threat and Opportunity acid house, slushwave acid house Learn how the COSO 2017 framework redefines enterprise risk management by recognizing risk as having dual nature - both potential threats to avoid and valuable opportunities to pursue. Discover why modern organizations must balance these two perspectives to create comprehensive risk strategies that drive both protection and growth.
2 Mission, Vision, and Core Values as Anchors afroswing new wave, harpischord acid jazz, arabic mariachi Learn how mission statements, vision, and core values serve as fundamental anchors that must be established before developing strategy and objectives in enterprise risk management. Discover why these foundational elements guide decision-making and set moral boundaries for organizational success.
3 Severity Beyond Impact and Likelihood dreamy acid house, acid techno avant-garde jazz, urdu jazz Discover how modern risk assessment extends far beyond traditional impact and likelihood measurements to include five additional critical dimensions like velocity and persistence that provide a complete picture of organizational threats.
4 Bias and Judgment in Risk Management samba dirty south, bossa nova, koto drill and bass, egyptian swing Explores how cognitive biases and mental shortcuts can distort risk assessment and decision-making, teaching listeners to recognize and mitigate common judgment errors that lead to flawed risk management strategies.
5 Integration, Not Isolation dreamy acid house, acid techno avant-garde jazz, urdu jazz Learn how to break down organizational silos and weave risk management directly into strategic decision-making processes, transforming it from an isolated function into an integral part of business operations that creates real value.
1 Establishing an ERM Program afroswing new wave, harpischord acid jazz, arabic mariachi Learn how to build a comprehensive Enterprise Risk Management program from the ground up, starting with board-level mandate and commitment through to management design and accountability structures. Discover the essential steps for creating organizational buy-in, allocating resources effectively, and embedding risk management into every business process.
2 Common Implementation Challenges afroswing new wave, harpischord acid jazz, arabic mariachi Organizations often fall into the trap of treating enterprise risk management as a mere compliance exercise or struggle with resource constraints, missing the strategic value and comprehensive protection that effective ERM implementation can provide.
3 Maturity Progression acid house, slushwave acid house Discover how organizations evolve from chaotic, reactive crisis management to structured enterprise risk frameworks through three distinct maturity levels. Learn to identify where your organization stands and understand the progression from ad hoc responses to systematic risk management approaches.
1 COSO 2013 Internal Control dreamy acid house, acid techno avant-garde jazz, urdu jazz Learn the foundational COSO 2013 Internal Control Framework and its seventeen components across five essential categories that organizations use to build reliable financial reporting and operational effectiveness. Discover how control environment, risk assessment, control activities, information and communication, and monitoring work together to create robust internal controls.
2 ISO 31000:2018 acid house, slushwave acid house Learn how ISO 31000:2018 and COSO 2017 complement each other as leading risk management frameworks, exploring their unique approaches and shared objectives for effective enterprise risk governance. Discover the distinct roles each standard plays while working toward the common goal of comprehensive organizational risk management.
3 NIST Risk Management Framework (RMF) and NIST 800-53 acid house, slushwave acid house Explore how the NIST Risk Management Framework complements COSO's enterprise risk approach by providing specialized cybersecurity guidance through its systematic seven-step process. Learn to bridge organizational risk strategy with technical security controls using NIST 800-53 standards for comprehensive system protection.
4 COBIT (Control Objectives for Information and Related Technologies) samba dirty south, bossa nova, koto drill and bass, egyptian swing COBIT provides a comprehensive framework for governing IT systems and managing digital risks within enterprise environments. Listeners will discover how this ISACA-developed tool brings clarity and structure to technology governance, helping organizations navigate the complex landscape of digital risk management.
5 Basel III and Financial Services Risk Frameworks afroswing new wave, harpischord acid jazz, arabic mariachi Discover how Basel III's three-pillar banking regulations integrate with COSO's comprehensive enterprise risk management framework to create robust financial safeguards. Learn the essential capital requirements and risk assessment strategies that modern financial institutions must implement to navigate regulatory compliance while maintaining operational resilience.
6 SOC 2 and Assurance Frameworks acid house, slushwave acid house Learn how SOC 2's five trust criteria (Security, Availability, Processing, Confidentiality, and Privacy) create a comprehensive framework for protecting data and proving system reliability. Discover how these foundational pillars work together to demonstrate organizational trustworthiness and operational excellence.
1 Quantitative Risk Modeling ambient house 16-bit, bengali surf, acoustic texas blues chillstep Learn how to transform uncertain business risks into measurable data using Monte Carlo simulations and quantitative modeling techniques that turn chaotic variables into actionable insights. Discover how thousands of randomized scenarios can illuminate the true probability landscape of your organization's risk exposure.
2 Emerging Risk Management afroswing new wave, harpischord acid jazz, arabic mariachi Explore how modern organizations identify and assess new types of risks that emerge from technological disruption, climate change, and social transformation, learning systematic approaches to spot early warning signals before they impact business operations.
3 Risk Culture Assessment and Transformation instrumental bluegrass, hypnagogic shoegaze, acoustic chicago blues cape verdean, afrikaner folk drill Learn how to assess and transform your organization's risk culture by understanding the critical gap between written policies and actual employee behavior when facing high-pressure decisions. Discover practical methods for evaluating how people really respond to risk situations and strategies for aligning cultural practices with organizational risk management objectives.
4 ERM Technology Architecture acid house, slushwave acid house Explore the seven essential technology layers that form a comprehensive Enterprise Risk Management architecture, from GRC platforms and data analytics to KRI monitoring systems that work together to provide real-time risk visibility and control.
5 Regulatory and Legal Landscape afroswing new wave, harpischord acid jazz, arabic mariachi · 4:21 Navigate the complex web of federal regulations, SEC disclosure requirements, and legal frameworks that shape enterprise risk management, while discovering how effective compliance programs can influence judicial outcomes and protect organizations from regulatory penalties.
6 Third-Party and Supply Chain Risk dreamy acid house, acid techno avant-garde jazz, urdu jazz Explore how partnering with vendors and suppliers exponentially expands your enterprise risk profile, learning to identify and manage exposures that extend far beyond your organization's direct control under the COSO 2017 framework.
7 ESG and Climate Risk Integration dreamy acid house, acid techno avant-garde jazz, urdu jazz Learn how environmental, social, and governance factors are reshaping enterprise risk management as organizations navigate physical climate threats and transition risks in evolving low-carbon markets. This exploration reveals practical strategies for integrating ESG considerations into comprehensive risk assessment frameworks.
1 Certifications That Cover COSO 2017 ERM samba dirty south, bossa nova, koto drill and bass, egyptian swing Explore five key professional certifications including CIA, CRMA, and CRISC that incorporate COSO 2017 Enterprise Risk Management principles and can accelerate your risk management career advancement.
2 Key Study Priorities for Certification Exams dreamy acid house, acid techno avant-garde jazz, urdu jazz Learn the essential study priorities for mastering the COSO 2017 Enterprise Risk Management Framework, focusing on its five components, twenty principles, and key updates from the 2004 version. Discover how governance, strategy, culture, and information flow work together to create an effective risk management system for certification success.