Overview

On September 6, 2017, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) released its highly anticipated ERM Framework: Enterprise Risk Management–Integrating with Strategy and Performance. This new document builds on its predecessor, Enterprise Risk Management–Integrated Framework (2004), one of the most widely recognized and applied risk management frameworks in the world. The updated edition is designed to help organizations create, preserve, and realize value while improving their approach to managing risk.

The update, developed by PwC under the direction of the COSO Board, highlights the importance of enterprise risk management (ERM) in strategic planning. It also emphasizes embedding ERM throughout an organization, as risk influences strategy and performance throughout the organization.

The first part of the updated ERM Framework offers a perspective on current and evolving concepts and applications of enterprise risk management to meet the demands of an evolving business environment. The ERM Framework itself is organized into five easy-to-understand components that accommodate different viewpoints and operating structures to enhance strategies and decision-making.

The update focuses on challenges and evolving expectations of enterprise risk management that business leaders and boards are dealing with in today’s landscape, including shifts in economic markets, evolving technologies, and changing demographics in supporting decision-making.

For further details, see the COSO’s press release, executive summary and FAQ . The updated ERM Framework may be purchased from the COSO website – see link https://www.coso.org/Pages/guidance.aspx

A num­ber of ob­servers will ask “How does the up­date to the ERM Framework re­late to the COSO 2013 In­ter­nal Con­trol – In­te­grated Frame­work?” Per the COSO’s FAQ on this is­sue, internal control is positioned within the updated ERM document as a fundamental aspect of enterprise risk management. The two COSO documents complement each other, with neither superseding the other. The updated ERM document will focus on requisite areas that go beyond internal control; however, the Internal Control–Integrated Framework remains a viable and suitable framework for designing, implementing, and conducting and assessing the effectiveness of internal control and for reporting, as required in some jurisdictions.