The Committee of Sponsoring Organizations of the Treadway Commission (COSO) released an update to its ERM Framework: Enterprise Risk Management–Integrating with Strategy and Performance. It is the first, long-awaited update since 2004.
The updated COSO framework was developed by PricewaterhouseCoopers at the request of the COSO board of directors. The main objective is to keep helping firms and organizations enhance their risk management processes, frameworks and, ultimately, their culture towards risk management. COSO has also released a recent update to its internal control framework, which is used globally by several auditors. The main highlights of this ERM framework update include:
- the importance of enterprise risk management in strategic planning, and of embedding ERM throughout firms so that it aligns with both strategy and performance
- improved integration of enterprise risk management with firms’ strategy through performance and implementation
- the creation of a more global framework than has been available in the past. COSO engaged with over 400 organizations in 11 countries that span five continents as part of creating this framework
- as a result, many aspects that were among COSO’s early theories and hypotheses were validated by this global debate, allowing all of the gathered knowledge to be rolled into this updated framework
In summary and quoting the official paper, COSO points out the main features of this update:
- Provides greater insight into the value of enterprise risk management when setting and carrying out strategy.
- Enhances alignment between performance and enterprise risk management to improve the setting of performance targets and understanding the impact of risk on performance.
- Accommodates expectations for governance and oversight.
- Recognizes the globalization of markets and operations and the need to apply a common, albeit tailored, approach across geographies.
- Presents new ways to view risk to setting and achieving objectives in the context of greater business complexity.
- Expands reporting to address expectations for greater stakeholder transparency.
- Accommodates evolving technologies and the proliferation of data and analytics in supporting decision-making.
- Sets out core definitions, components, and principles for all levels of management involved in designing, implementing, and conducting enterprise risk management practices.