KnowledgeLeader Blog

What is the COSO Enterprise Risk Management Framework?—Updated!*

Posted by Katrina Opgenorth on Mon, Feb 20, 2017 @ 09:00 AM

In initiating the project to update its ERM framework, COSO saw opportunities to achieve clarity on several fronts. The updated framework recognizes the increasing importance of the interconnection of risk, strategy and enterprise performance – particularly in conjunction with making important decisions. It begins with an underlying premise that every entity exists to provide value to its stakeholders and faces uncertainty in the pursuit of that value. Therefore, the framework itself focuses on preserving and creating enterprise value, with an emphasis on managing risk within the entity’s risk appetite. The term “uncertainty” is defined as not knowing how or if potential events may manifest themselves in the context of achieving future strategies and business objectives. “Risk” is considered the effect of such uncertainty in the formulation and execution of the business strategy and the achievement of business objectives.

The challenge for management and the board of directors is to evaluate how much uncertainty – as well as how much risk – they are prepared and able to accept in executing the strategy and pursuing the organization’s performance goals. Therefore, ERM is all about balancing risk and reward in creating value. Achieving that balance leads to an emphasis on protecting enterprise value as well as enhancing it.

The framework is principles-based, meaning it introduces five interrelated components and outlines 20 relevant principles arrayed among those components. The framework is a significant improvement over its 2004 counterpart, as its structure offers a benchmarking option for companies seeking to enhance their ERM approach. The framework focuses on integrating ERM with the core processes that matter; its subtitle says it all – “Integrating with Strategy and Performance.” Its concept of integration is embodied within its definition of ERM: “The culture, capabilities and practices, integrated with strategy-setting and performance, that organizations rely on to manage risk in creating, preserving, and realizing value.”

If a company implements a stand-alone process, it may be worthwhile and useful, but it is not ERM as COSO defines it. There are four themes that are vital to effective integration of ERM:

  1. Implementation with strategy
  2. Integration with performance
  3. Lay a strong foundation with risk governance and culture
  4. Tie risk considerations into decision-making processes

COSO provides various tools to learn more about the updated ERM framework. You can also access further information about ERM on KnowledgeLeader by visiting the ERM topic page.


*This post has been updated to include Enterprise Risk Management - Integrated Framework updates.

Topics: enterprise risk management, COSO Framework
