In initiating the project to update its ERM framework, COSO saw opportunities to achieve clarity on several fronts. The updated framework recognizes the increasing importance of the interconnection of risk, strategy and enterprise performance – particularly in conjunction with making important decisions. It begins with an underlying premise that every entity exists to provide value to its stakeholders and faces uncertainty in the pursuit of that value. Therefore, the framework itself focuses on preserving and creating enterprise value, with an emphasis on managing risk within the entity’s risk appetite. The term “uncertainty” is defined as not knowing how or if potential events may manifest themselves in the context of achieving future strategies and business objectives. “Risk” is considered the effect of such uncertainty in the formulation and execution of the business strategy and the achievement of business objectives.
What Does COSO Stand For?
In 1992, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) developed a model for evaluating internal controls. This model has been adopted as the generally accepted framework for internal control and is widely recognized as the definitive standard against which organizations measure the effectiveness of their systems of internal control.
Protiviti has published the second edition of its popular booklet, Guide to the Sarbanes-Oxley Act: IT Risks and Controls.
This publication is the definitive resource guide on IT risks and control issues related to compliance with SOX Section 404. It is a 45-page booklet covering an array of SOX-related topics in a question-and-answer format.