Auditing the Enterprise Risk Management Process - OAR341


This course will start with an overview of the Enterprise Risk Management process and all the underlying elements of Enterprise Risk Management, including a discussion on risk appetite, governance, and roles & responsibilities. The course will then go into more detail on the attributes that make an Enterprise Risk Management process effective, such as addressing black swans, using risk-driven metrics, and linking Enterprise Risk Management with the organization’s strategy. Most of the course will involve methods for auditing the Enterprise Risk Management process by assessing it against the COSO framework, which comprises five components and twenty principles.

The five components include: 1) Governance & Culture, 2) Strategy & Objective Setting, 3) Performance, and 4) Review & Revision. The objective of the assessment procedures is to determine if the organization’s ERM process exhibits these twenty principles.  

The course will also discuss another risk management framework, ISO 31000. A summary of key highlights of ISO 31000 will be covered; we will also compare the commonalities and differences between the ISO risk management framework and the COSO risk management framework.

The course will end with a discussion on Enterprise Risk Management reporting to various stakeholders.  

The course will be delivered with practical application of concepts using actual examples, case studies, and exercises. 



NASBA Certified CPE

16 Credits


Why you should attend

You should attend because auditors are required to evaluate the adequacy and effectiveness of risk management processes.

Who should attend

Audit directors and managers, risk officers, internal and external auditors, information technology auditors, and operations managers.

What you'll learn

You will learn the characteristics and functionality of effective ERM programs, and how auditors can evaluate the risk management process.


  • Risk School (OAR201) or equivalent experience

Course Objectives 

  • The learner will understand the basic elements of the entire ERM process, including governance, execution, and reporting. 
  • The learner will define common ERM vocabulary and terminology. 
  • The learner will understand how the ERM process should be linked to the organization's strategy. 
  • The learner will apply the ERM framework principles and develop auditing procedures to assess the effectiveness of an organization's ERM process. 
  • The learner will identify the differences between two of the most widely used ERM frameworks, COSO and ISO.

Course Topics  

  1. Enterprise Risk Management (ERM) 
  2. COSO Principles 1-20 

Schedule your course

Timezone: America/New_York

February 2022

Feb 9th, 2022-Feb 10th, 2022

ACI Learning is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: