The COSO Enterprise Risk Management (ERM) Framework clearly states that ERM is effected by the entity’s board of directors, management and “other personnel”, which means that every person in the organisation should be involved. All these professionals already engage in risk