This assignment consists of three (3) sections: a Written Paper, a Project Plan, and a PowerPoint Presentation. You must submit all three (3) sections as a separate file for the completion of this assignment.
The following material may be useful for the completion of this assignment. You may refer to the documents on the COSO website titled "Embracing Enterprise Risk Management: Practical Approaches for Getting Started" and "Developing Key Risk Indicators to Strengthen Enterprise Risk Management".
Imagine you are an Information Security Manager in a medium-sized organization that needs you to develop an effective Enterprise Risk Management (ERM) program. The organization has not been consistent or thorough in their risk management approach, which has resulted in IDS, software, and operating systems not being updated, failed corporate security audits, denial of service attacks, data breaches, lost and stolen laptops, and other security incidents. However, the CEO recognizes the importance of ERM and has tasked you to create a brief overview of ERM and recommendations for establishing an effective ERM program that will be briefed to the senior leadership within the organization. Imagine you determine that the COSO guidance will be a good place to start.
Section 1: Written Paper
Write a two (2) page paper in which you:
1a. Summarize the COSO Risk Management Framework and COSO's ERM process.
1b. Recommend to management the approach that they need to take to implement an effective ERM program. Include the issues and organizational impact they might encounter if they do not implement an effective ERM program.
1c. Analyze the methods for establishing key risk indicators (KRIs).
1d. Suggest the approach that the organization needs to take in order to link the KRIs with the organization's strategic initiatives.
1e. Use at least three (3) quality resources in this assignment (in addition to and that support the documents from the COSO Website referenced in this assignment). Note: Wikipedia and similar Websites do not qualify as quality resources.
Your assignment must follow these formatting requirements:
Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.
Include a cover page containing the title of the assignment, the student's name, the professor's name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.
Section 2: Project Plan
Develop a Project Plan with the IT audit tasks that address the ERM process; ensure that you include relevant steps identified in the documents from the COSO Website ("Embracing Enterprise Risk Management: Practical Approaches for Getting Started" and " Developing Key Risk Indicators to Strengthen Enterprise Risk Management"). You can use Microsoft Project or an Open Source alternative (such as Open Project).
Develop a project plan in which you:
2a. Identify ERM tasks.
2b. Explain the establishment of KRIs as identified in the written paper (section 1).
2c. Develop a timeline showing task durations, start dates, predecessors, and resources.
Section 3: PowerPoint Presentation
Develop a PowerPoint Presentation consisting of a title slide and a minimum of five (5) content slides that will be used in the presentation to senior management:
3a. Analyze COSO's ERM process.
3b. Support the approach to implement an effective ERM program.
3c. Provide an overview of the approach to take in order to link the KRIs with the organization's strategic initiatives.
3d. Recommend a management approach for implementing an effective ERM program and avoiding potential issues.