The Committee of Sponsoring Organizations of the Treadway Commission, known as COSO, is releasing new guidance on enterprise risk management that supplements its widely used ERM Framework.
COSO is jointly sponsored by five prominent accounting organizations: the American Accounting Association, the American Institute of CPAs, Financial Executives International, the Institute of Management Accountants and the Institute of Internal Auditors.
In 2017, COSO updated an earlier ERM framework from 2004, and again with its 1992 internal control framework, which it updated in 2013.
The new guidance, “
The project was commissioned by COSO and co-authored by Richard Anderson and Dr. Mark Frigo of DePaul University.
“Together with COSO’s Enterprise Risk Management – Integrating with Strategy and Performance and other COSO guidance, this paper is a good starting point for an effective ERM initiative,” said COSO chairman Paul Sobel (pictured) in a statement. “The goal is to develop a momentum for ERM to expand and deepen the organization’s strategy-setting, performance, and risk-management processes in pursuit of creating and protecting value.”
The guidance is based on the best practices used by organizations in taking a step-by-step approach to implementing ERM. An ERM initiative needs to be tailored carefully to the needs of the organization. The updated COSO ERM Framework clarifies both the relationship between strategy and risk and that the objective of ERM is to help an organization achieve its strategy and business objectives.
“Organizations can enhance their abilities to be successful in both addressing risks and taking advantage of opportunities by enhancing their enterprise risk management processes and integrating ERM fully into their strategy setting and performance processes,” according to the document. “Enhancing their ERM processes starts with a clear understanding of the role of ERM in assisting the directors and management to make better decisions and achieve their strategy and business objectives. The updated COSO ERM Framework clarifies both the relationship between strategy and risk and that the objective of ERM is to assist the organization to achieve its strategy and business objectives. Understanding these two key points is not only critical for success but important in setting and communicating the risk culture of the organization.”
“The business environment today is one in which boards of directors and senior management will continue to face rapid changes, complexities, and volatile risks,” said Anderson in a statement. “Such an environment, however, also presents them with significant new opportunities. Organizations can enhance their abilities to be successful in both addressing risks and taking advantage of opportunities by enhancing their enterprise risk management processes and integrating ERM fully into their strategy setting and performance processes.”