One of the most widely applied enterprise risk management (ERM) frameworks – the COSO ERM framework – has been updated. The framework developed by the US Committee of Sponsoring Organizations of the Treadway Commission (COSO) was revised in 2017 and is now titled Enterprise Risk Management – Integrating with Strategy and Performance. The framework helps organisations manage their risks and incorporates current and evolving concepts that shape an organisation's risk culture. Among the factors that prompted the revision are the increased complexity of and rapid change in the global business environment, rapid technological evolution, and growing requirements for financial and fiscal transparency.
What is the COSO framework?
The Committee of Sponsoring Organizations was set up in 1985 to tackle fraud in financial reporting. The body comprises five US sponsoring organisations (the American Accounting Association, AICPA, Financial Executives International, IMA and the Institute of Internal Auditors), and its mission is to develop comprehensive frameworks and guidance on enterprise risk management, internal control and fraud deterrence. COSO's Enterprise Risk Management – Integrated Framework was first issued in 2004.
9 ways the COSO ERM framework has changed
In this blog, PwC's Dennis Chesley explains why COSO has updated its ERM Framework. He names the complexity and shifting business environment in which new risks are emerging more rapidly than in the past. Changing customer behaviour is also exerting considerable pressure on businesses and making the global economy less predictable. At the same time, companies are contending with evolving technology and the need for greater financial and fiscal transparency. Chesley states: “Addressing these challenges requires that organisations take a new approach to managing risk: one that helps to create, preserve and realise value now and in the future.”
Chesley names some of the key changes in the COSO ERM framework update as follows:
- the new framework introduces a new structure with just five components and 20 principles aligned to the business cycle;
- the framework presents a clear case for integrating ERM practices with strategy-setting and performance management practices to help realise benefits related to value;
- it offers guidance on how to better integrate enterprise risk management, linking risk with strategy setting and day-to-day activities, embedding it throughout an organisation’s culture, capabilities and practices, and fostering better decision-making;
- the framework’s language is written from the perspective of business, facilitating conversations about risk and setting out core definitions, components and principles for all levels of management involved in designing, implementing and conducting ERM practices;
- there are new conceptual graphics to illustrate the relationship between risk management and the business model;
- it explores risk management at all levels of the organisation;
- it examines challenging topics in more depth, for example, risk appetite and the portfolio view of risk, and addresses some misconceptions that exist today, providing deeper insight;
- there is greater emphasis on how ERM practices can instil more transparency and risk awareness into an organisation’s culture;
- the new framework sheds light on how IT trends affect business, for example: the proliferation of data, artificial intelligence and automation.
Chesley notes: “Adopting the COSO ERM Framework is an opportunity for organisations, regardless of industry, to be innovative when it comes to using risk as an advantage to drive distinctive strategies and enhanced performance. The framework offers new insight into how boards and management can derive greater value from enterprise risk management.”
CTMfile take: the new updated COSO ERM framework goes further in connecting and integrating risk management with more parts of the business, at all levels, as rapid advances in technology also change the way business is done and structured. The framework should help companies take a more innovative approach to ERM. PwC provides more information on the ERM framework here.