COSO New Enterprise Risk Management Framework

COSO Updated Enterprise Risk Management Framework

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) released an update to its ERM Framework, Enterprise Risk Management–Integrating with Strategy and Performance, which is the first, long-awaited update since 2004.

The updated COSO framework was developed by PricewaterhouseCoopers at the request of the COSO board of directors. The main objective is to keep helping firms and organizations enhance their risk management processes, frameworks and, ultimately, their culture towards risk management. COSO has also recently released an update to its internal control framework, which is used globally by several auditors. The main highlights of this ERM framework update include:

  • the importance of enterprise risk management in strategic planning, pointing out the importance of embedding ERM throughout firms to guarantee it aligns with both strategy and performance
  • improved integration of enterprise risk management with firms’ strategy through performance and implementation
  • the creation of a more global framework than has been available in the past. COSO engaged with over 400 organizations in 11 countries spanning five continents as part of creating this framework
  • as a result, many of COSO’s early theories and hypotheses were validated by this global debate, allowing all of the gathered knowledge to be rolled into this updated framework

In summary and quoting the official paper, COSO points out the main features of this update:

  • Provides greater insight into the value of enterprise risk management when setting and carrying out strategy.
  • Enhances alignment between performance and enterprise risk management to improve the setting of performance targets and understanding the impact of risk on performance.
  • Accommodates expectations for governance and oversight.
  • Recognizes the globalization of markets and operations and the need to apply a common, albeit tailored, approach across geographies.
  • Presents new ways to view risk to setting and achieving objectives in the context of greater business complexity.
  • Expands reporting to address expectations for greater stakeholder transparency.
  • Accommodates evolving technologies and the proliferation of data and analytics in supporting decision-making.
  • Sets out core definitions, components, and principles for all levels of management involved in designing, implementing, and conducting enterprise risk management practices.


Antonio Caldas

Program/Project/Risk manager with 15+ years of mixed-industry experience, with a particular emphasis on Banking & Financial Services. Active in risk management, market risk control, front office risk management, product control, change and transformation management, business analysis and business process improvement for global capital markets and investment banking, covering a range of asset classes.

4 thoughts on “COSO Updated Enterprise Risk Management Framework”

  1. Antonio,

    Since PwC was commissioned by COSO, it is time to rename it as PwC/COSO framework.

    Only from USA
    The main PwC authors are from the USA, and the members of the COSO Committee in charge of reviewing the proposal made by PwC are only from the USA.
    Since you are working as Markets – Business Manager at HAITONG based in Portugal, it is not clear why you like to promote the document.

    Except for the title, the content of the document is poorly written and has received very few comments, mainly negative, during the comment review period.

    Have you learned something new with this update?

    1. Hi Alex,
      Thank you for your insights. I had the opportunity already to reply to your (same) comments in another forum. But I didn’t want to exclude your comments to the COSO updated ERM framework here in the Risk Management Guru blog. I truly appreciate your feedback and am sure it will contribute to the wider blog audience.

  2. Hi Antonio.

    Thank you for providing the updated ERM Model. I am a fan of logic and streamlining to holistically include compliance, governance and risk throughout business processes versus things coming to a screeching halt because someone failed to anticipate or follow correct process or take a visit to the compliance department or security department/team. Having worn a few hats in the game of risk, compliance and procurement, I cannot express enough how much easier life will be to include such factors along the way.
