The challenge for management and the board of directors is to evaluate how much uncertainty – as well as how much risk – they are prepared and able to accept when executing the strategy and pursuing the organization’s performance goals. Therefore, ERM is all about balancing risks and reward in creating value. Achieving that balance leads to an emphasis on protecting enterprise value as well as enhancing it.
The framework is principles-based, meaning it introduces five interrelated components and outlines 20 relevant principles arrayed among those components. The framework is a significant improvement over its 2004 counterpart, as its structure offers a benchmarking option for companies seeking to enhance their ERM approach. The framework focuses on integrating ERM with the core processes that matter. Its subtitle says it all – “Integrating with Strategy and Performance.” Its concept of integration is embodied within its definition of ERM: “The culture, capabilities and practices, integrated with strategy-setting and performance, that organizations rely on to manage risk in creating, preserving and realizing value.”
If a company implements a stand-alone process, that process may be worthwhile and useful, but it is not ERM as COSO defines it. There are four themes that are vital to effective ERM integration:
*This post has been updated to include Enterprise Risk Management - Integrated Framework updates.