COSO Enterprise Risk Management - Aligning Risk with Strategy and Performance (Amendments to COSO’s ERM Framework) [Completed]

Effective date:

COSO’s updated ERM Framework was issued on September 6, 2017 and may be adopted voluntarily by organizations from that date.

Last updated:

September 2017


On September 6, 2017, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) released its highly anticipated ERM Framework: Enterprise Risk Management–Integrating with Strategy and Performance. This new document builds on its predecessor, Enterprise Risk Management–Integrated Framework (2004), one of the most widely recognized and applied risk management frameworks in the world. The updated edition is designed to help organizations create, preserve, and realize value while improving their approach to managing risk.

The update, developed by PwC under the direction of the COSO Board, highlights the importance of enterprise risk management (ERM) in strategic planning. It also emphasizes embedding ERM throughout an organization, as risk influences strategy and performance throughout the organization.

The first part of the updated ERM Framework offers a perspective on current and evolving concepts and applications of enterprise risk management to meet the demands of an evolving business environment. The ERM Framework itself is organized into five easy-to-understand components that accommodate different viewpoints and operating structures to enhance strategies and decision-making.

The update focuses on challenges and evolving expectations of enterprise risk management that business leaders and boards are dealing with in today’s landscape, including shifts in economic markets, evolving technologies, and changing demographics in supporting decision-making.

For further details, see the COSO’s press release, executive summary and FAQ . The updated ERM Framework may be purchased from the COSO website – see link

A num­ber of ob­servers will ask “How does the up­date to the ERM Framework re­late to the COSO 2013 In­ter­nal Con­trol – In­te­grated Frame­work?” Per the COSO’s FAQ on this is­sue, internal control is positioned within the updated ERM document as a fundamental aspect of enterprise risk management. The two COSO documents complement each other, with neither superseding the other. The updated ERM document will focus on requisite areas that go beyond internal control; however, the Internal Control–Integrated Framework remains a viable and suitable framework for designing, implementing, and conducting and assessing the effectiveness of internal control and for reporting, as required in some jurisdictions.

Other developments

September 2017

On September 6, 2017, COSO released its new ERM Framework: Enterprise Risk Management–Integrating with Strategy and Performance.

June 2016

On June 14, 2016, COSO issued a proposed update to its Enterprise Risk Management – Integrated Framework, entitled Enterprise Risk Management — Aligning Risk with Strategy and Performances. Comments are due by September 30, 2016.

Correction list for hyphenation

These words serve as exceptions. Once entered, they are only hyphenated at the specified hyphenation points. Each word should be on a separate line.