ERM methods deployed by any organization should at least consider compliance with global standards if not exactly mirroring COSO (Committee of Sponsoring Organizations of the Treadway Commission, with respect to their organizing committees at AAA, AICPA, FEI, IMA, and IIA), International Standards ISO 31000:2009, the U.S. Sarbanes–Oxley Act, the Basel III/IVI/IV requirements for Operational Risk (from the Basel Committee through the Bank of International Settlements), and NIST 800-37. The parallels and applications of ROV methodologies closely mirror, and at times exceed, these regulatory and international standards.
Figures 4.1–4.10 illustrate some examples of compliance with ISO 31000:2009, Figures 4.11–4.20 show compliance with Basel III/IV/IV and Basel IV requirements, and Figures 4.21–4.29 show compliance with COSO requirements. These figures and the summary lists that follow assume that the reader is already familiar with the integrated risk management or IRM methodology employed throughout this book.