Final answer:
The external environment and risk identification are not components of COSO-ERM.
Step-by-step explanation:
The correct answer is "d. b and c.", which states that the external environment and risk identification are not components of COSO-ERM.
COSO-ERM stands for the Committee of Sponsoring Organizations of the Treadway Commission - Enterprise Risk Management. It is a framework for managing and assessing an organization's risks. The components of COSO-ERM are:
- Internal Environment: The internal environment sets the tone of an organization and includes its governance, risk management philosophy, and the integrity and ethical values of its people.
- Objective Setting: This component involves defining the organization's objectives and aligning them with its mission and strategies.
- Event Identification: Event identification involves determining potential events or risks that could affect the achievement of the organization's objectives.
- Risk Assessment: Risk assessment involves evaluating the significance and likelihood of identified risks.
- Risk Response: Risk response involves developing and implementing actions to mitigate or address identified risks.
- Control Activities: Control activities are the policies, procedures, and processes implemented to achieve the organization's objectives and mitigate risks.
- Information and Communication: Information and communication ensure that the necessary information is identified, captured, and communicated to support the achievement of the organization's objectives.
- Monitoring: Monitoring involves regularly assessing the effectiveness of the organization's risk management processes.
The external environment and risk identification are not explicitly listed as components of COSO-ERM, hence they are not part of the framework.