COSO ERM: Getting Risk Management Right


Strategy and organizational performance are the heart of the updated framework.

As enterprise risk management (ERM) has become popular in the past two decades, organizations have been trying to implement a program that satisfies all stakeholders that they are "doing risk management right." The problem is that ERM is not a program. In fact, it is not a department or a process, either. ERM — or more generically "risk management" — is an integral component of decision-making. It is a set of skills, approaches, competencies, tools, culture, and more that do not stand alone, but are part of all that an organization does. Unfortunately, many organizations don't execute risk management well and suffer the consequences.

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) recently published an update to its 2004 COSO ERM framework. The name of the 2017 version says it all: Enterprise Risk Management–Integrating With Strategy and Performance. Risk management is all about strategy and performance.

Read the complete Internal Auditor article about COSO ERM


