volatility, stabilizing earnings, enhancing capital efficiency, and lowering the anticipated costs of external capital and regulatory inspection, and maximizing shareholders value (Miccolis and Shah, 2000, Lam, 2001, Hoyt and Liebenberg, 2011, Cumming and Hirtle, 2001). Different models presented by different researchers for ERM (Olson and Wu, 2008). However, one of the most accepted models among previous researchers is the COSO‟s (2004) ERM integrated framework (Arena et al ., 2010, Wan Daud et al ., 2010, Tahir and Razali, 2011, Yazid et al ., 2011, Moeller, 2007, Olson and Wu, 2008, Ahmad et al ., 2014). This framework provides a risk management infrastructure in terms of eight elements to be studied under each of the four themes of objectives. Consequently, each level of the company implements the eight ERM elements into the four themes of the objectives. According to this framework, ERM components are (1) internal environment: which is the basis for all other components. It includes many variables such as e ntity‟s risk appetite; the entity‟s risk management philosophy; the entity‟s competence and ethical values development of personnel, and how the manager assigns responsibility and authority in organizations; (2) objective setting: It is a process to set ob jectives which are consistent with the entity‟s risk appetite and its mission; (3) event identification: which means identification of both risks and opportunities that affect the achievement to entity‟s objectives from internal and external environment; (4) risk assessment: it permits an entity to consider the impact and likelihood of events and analyzing risk by using both quantitative and qualitative approaches. It examines the positive and negative effects of potential events all over the entity; (5) risk response: management should select a proper reaction (avoiding, reducing, accepting and sharing risk) which is in line with the risk tolerance and risk appetite of entity; (6) control activities: it includes the policies and procedure which help manager to ensure that risk responses are effectively performed at all level of organization; (7) information and communication: this means information communicate to staff in a form and timeframe which helps them to fulfill their role and responsibility regarding ERM and other activities; and (8) monitoring: the ERM process and activities are monitored through separate evaluations, ongoing management activities, or both and modifications made as necessary (COSO, 2004). This framework suggested that a company‟s e nterprise risk management mechanism should be positioned to attain the following four objectives: (1) strategy: high-level objectives which are in line with the mission of the organization; (2) operations: short-level objectives which are related to the efficient and effective use of the resources; (3) reporting: accuracy of the quality of organization‟s reporting system; and (4) compliance: acting according to accepted regulation and lows (COSO, 2004).
