- Identify the key elements of true enterprise risk management (ERM), including the COSO and ISO frameworks, and their emphasis on aligning risk processes with organizational strategy. - Distinguish between traditional risk management and ERM by comparing their scope, governance structures (e.g., risk councils versus siloed roles), and the integration of risk appetite. - Recall the roles of CPAs and internal audit in supporting ERM activities, such as assessing residual risk, validating control effectiveness, and ensuring transparent reporting to governance bodies. - Select appropriate risk response strategies—avoidance, transfer, mitigation, or exploitation—by evaluating an organization’s defined risk appetite and strategic objectives.